mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-20 12:42:24 +00:00

unbound service: non-blocking random in chroot

/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
Joachim Fasting 2016-08-30 19:22:53 +02:00
parent 7980523e00
commit 52432ee63d
No known key found for this signature in database
GPG key ID: 7544761007FE4E08

@ -115,7 +115,7 @@ in
chown unbound ${stateDir} ${rootTrustAnchorFile} chown unbound ${stateDir} ${rootTrustAnchorFile}
''} ''}
touch ${stateDir}/dev/random touch ${stateDir}/dev/random
${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random ${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random
''; '';
serviceConfig = { serviceConfig = {
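Review bot: On the changed mount line, the bind target is still `${stateDir}/dev/random` while the source is now `/dev/urandom`, so the path inside the chroot no longer says what backs it, and nothing in the hunk documents that. A short comment above the mount line, stating that the chroot's dev/random is deliberately the non-blocking device and why (the rationale currently lives only in the commit message), would keep a later reader from "correcting" the source back to /dev/random. The preceding `touch ${stateDir}/dev/random` line matches the unchanged target and needs no change.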