On Tue, Dec 24, 2013 at 12:44:34PM -0800, Xin Li wrote:
> Hi,
>
> I think we shouldn't save entropy inside jails, as the data is not going
> to be used by rc script (pjd_at_126744). If there are no objections, I will
> commit this changeset on January 1, 2014.

I agree we shouldn't do it.

I have this line in my crontab that I wanted to commit at some point:

	1,31 0-5 * * * root [ `sysctl -n security.jail.jailed` -eq 0 ] && adjkerntz -a

It prevents executing adjkerntz from within a jail, but allows keeping
the same crontab in and outside jails. We could do the same for
save-entropy. It would be even nicer to have some flag so that even
sysctl(8) is not executed.

> Index: libexec/save-entropy/save-entropy.sh
> ===================================================================
> --- libexec/save-entropy/save-entropy.sh (revision 259828)
> +++ libexec/save-entropy/save-entropy.sh (working copy)
> _at__at_ -42,6 +42,10 _at__at_ elif [ -r /etc/rc.conf ]; then
> . /etc/rc.conf 2>/dev/null
> fi
>
> +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
> + exit 0
> +fi
> +
> case ${entropy_dir} in
> [Nn][Oo])
> exit 0

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://mobter.com
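
Review bot: The added test `[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]` uses an unquoted command substitution, so if sysctl prints nothing (for example because it fails), the test collapses to `[ -eq 1 ]`, which writes an error to stderr and evaluates false, and the script then carries on to the `case ${entropy_dir}` block and saves entropy anyway. Since this script runs from cron, that stderr output would also turn into mail on every run. Quoting the substitution and comparing as a string, for example `[ "$(/sbin/sysctl -n security.jail.jailed 2>/dev/null)" = "1" ]`, keeps the check well-formed whatever sysctl returns. A one-line comment above the `if` saying why entropy is not saved inside a jail would also help, because the reason is only given in the mail and not in the script.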