Bug 191918 - [patch] /usr/libexec/save-entropy wastes entropy for each running jail
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: 9.2-STABLE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Xin LI
Reported: 2014-07-17 09:33 UTC by Eugene Grosbein
Modified: 2014-07-29 06:44 UTC

Attachments
stop save-entropy if jailed (477 bytes, patch)
2014-07-17 09:33 UTC, Eugene Grosbein
Description Eugene Grosbein 2014-07-17 09:33:29 UTC
Created attachment 144748
stop save-entropy if jailed

/etc/rc.d/initrandom uses saved entropy to seed /dev/random. This script has "KEYWORD: nojail", so it is not run when a full-blown jail starts; that's just fine.

The default /etc/crontab runs /usr/libexec/save-entropy to save entropy for the host and for each jail; that's not fine. Jailed /usr/libexec/save-entropy invocations just waste entropy.

Workaround: comment out /usr/libexec/save-entropy in /etc/crontab for each running jail and each future jail.

Fix: use attached patch to fix save-entropy so it just stops if jailed.
Comment 1 Xin LI freebsd_committer freebsd_triage 2014-07-22 06:41:06 UTC
Committed as r268979 with minor changes.  Thanks for your submission!
Comment 2 Xin LI freebsd_committer freebsd_triage 2014-07-29 06:44:39 UTC
Resolved by r268979 (head), r269220 (stable/10) and r269221 (stable/8 and stable/9).
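
The workaround and the jail guard from the description, as an added example that is neither the attached patch nor the committed r268979 change. `security.jail.jailed` is the FreeBSD sysctl that reads 1 inside a jail; the function names, the `JAILED_OVERRIDE` hook and the sample crontab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not the patch attached to this bug or the committed change.

# Succeeds when running inside a jail. JAILED_OVERRIDE is a hypothetical hook
# (not a FreeBSD variable) for exercising the guard on a non-FreeBSD host.
is_jailed() {
    jailed="${JAILED_OVERRIDE:-$(sysctl -n security.jail.jailed 2>/dev/null || true)}"
    [ "$jailed" = "1" ]
}

# Workaround: comment out active save-entropy entries in a jail's crontab.
# Prints the number of entries disabled; already-commented lines are left alone,
# so running it again on the same file changes nothing.
disable_save_entropy() {
    crontab_file="$1"
    [ -f "$crontab_file" ] || return 2
    count=$(grep -c '^[^#]*/usr/libexec/save-entropy' "$crontab_file" || true)
    if [ "$count" -gt 0 ]; then
        tmp=$(mktemp) || return 1
        sed 's|^\([^#]*/usr/libexec/save-entropy\)|#\1|' "$crontab_file" > "$tmp" &&
            cat "$tmp" > "$crontab_file"   # rewrite in place: keeps owner and mode
        rm -f "$tmp"
    fi
    echo "$count"
}

# Constructed sample crontab, standing in for <jail root>/etc/crontab.
make_sample_crontab() {
    sample=$(mktemp) || return 1
    printf '%s\n' \
        'SHELL=/bin/sh' \
        '*/5 * * * * root /usr/libexec/atrun' \
        '*/11 * * * * operator /usr/libexec/save-entropy' \
        '#*/11 * * * * operator /usr/libexec/save-entropy' > "$sample"
    echo "$sample"
}

# Fix-style guard: a jailed save-entropy stops before reading /dev/random.
if is_jailed; then
    echo "jailed: save-entropy would exit here without saving anything"
fi

f=$(make_sample_crontab)
echo "disabled $(disable_save_entropy "$f") save-entropy entry in $f"
rm -f "$f"
```

On a real host, `disable_save_entropy` would be pointed at each jail's own `etc/crontab`; the guard form needs no per-jail edits, which is why the description prefers it.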