Date:      Tue, 24 Dec 2013 12:44:34 -0800
From:      Xin Li <delphij@delphij.net>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   [PATCH RFC] Disable save-entropy in jails
Message-ID:  <52B9F232.1090002@delphij.net>

Hi,

I think we shouldn't save entropy inside jails, as the data is not going
to be used by rc script (pjd@126744).  If there are no objections, I will
commit this changeset on January 1, 2014.

Index: libexec/save-entropy/save-entropy.sh
===================================================================
--- libexec/save-entropy/save-entropy.sh	(revision 259828)
+++ libexec/save-entropy/save-entropy.sh	(working copy)
@@ -42,6 +42,10 @@ elif [ -r /etc/rc.conf ]; then
 	. /etc/rc.conf 2>/dev/null
 fi

+if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
+	exit 0
+fi
+
 case ${entropy_dir} in
 [Nn][Oo])
 	exit 0
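
Review bot: The backtick substitution in the added `[ ... -eq 1 ]` test is unquoted, so if `/sbin/sysctl -n security.jail.jailed` prints nothing (the call fails or the OID is unavailable), `[` is left with `-eq 1` and no left operand, reports an error on stderr, and the script falls through to saving entropy anyway. Quoting the substitution and discarding sysctl's stderr keeps the failure silent and the behaviour explicit, for example `if [ "$(/sbin/sysctl -n security.jail.jailed 2>/dev/null)" = "1" ]; then`. A one-line comment above the check saying why jails are skipped (the saved data is not used by the rc script there, as the message explains) would also help the next reader of the script.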

Cheers,
-- 
Xin LI <delphij@delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die


