| Summary: | [patch] /usr/libexec/save-entropy wastes entropy for each running jail | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Eugene Grosbein <ports> |
| Component: | conf | Assignee: | Xin LI <delphij> |
| Status: | Closed FIXED | | |
| Severity: | Affects Some People | CC: | citrin+pr, delphij |
| Priority: | --- | | |
| Version: | 9.2-STABLE | | |
| Hardware: | Any | | |
| OS: | Any | | |

Committed as r268979 with minor changes. Thanks for your submission! Resolved by r268979 (head), r269220 (stable/10) and r269221 (stable/8 and stable/9).

Created attachment 144748
stop save-entropy if jailed

/etc/rc.d/initrandom uses saved entropy to seed it to /dev/random. This script has "KEYWORD: nojail" so it is not run when full-blown jail starts, that's just fine. Default /etc/crontab runs /usr/libexec/save-entropy to save entropy for host and for each jail, that's not fine. Jailed /usr/libexec/save-entropy invocations just waste entropy.

Workaround: comment out /usr/libexec/save-entropy in /etc/crontab for each running jail and each future jail.

Fix: use attached patch to fix save-entropy so it just stops if jailed.
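
The two remedies in the report, as an added example that is neither the attached patch nor the change committed to FreeBSD: a jail guard based on the `security.jail.jailed` sysctl, and a check for whether a jail's crontab still has an active save-entropy entry. The function names and the `SYSCTL` override are hypothetical, and stopping when the sysctl cannot be read is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not FreeBSD's save-entropy script.
# SYSCTL is a hypothetical override so the guard can be exercised on a
# machine that has no security.jail.jailed sysctl.

# Print "host", "jail" or "unknown" based on security.jail.jailed
# (0 on the host, 1 inside a jail).
jail_state() {
    v=$("${SYSCTL:-/sbin/sysctl}" -n security.jail.jailed 2>/dev/null) || v=
    case "$v" in
        0) echo host ;;
        1) echo jail ;;
        *) echo unknown ;;
    esac
}

# Return 0 when entropy should be saved, non-zero when the run should stop.
# Assumption: an unreadable sysctl is handled like a jail (stop), so only a
# positively identified host performs the save.
should_save_entropy() {
    [ "$(jail_state)" = host ]
}

# Return 0 if the given crontab file still has an active (uncommented)
# /usr/libexec/save-entropy entry, i.e. the workaround from the report
# has not been applied to that jail.
crontab_runs_save_entropy() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*/usr/libexec/save-entropy' "$1"
}

# Usage at the top of a periodic script:
#   should_save_entropy || exit 0
```

For the workaround, run `crontab_runs_save_entropy` against the `etc/crontab` under each jail's root; a zero exit status means that jail still schedules the job.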