author | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-30 19:22:53 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-09-15 15:37:19 +0200 |
commit | 52432ee63d9ab57d9dba7d9ce738d3964b2314a6 (patch) | |
tree | 5afd6995251373daacc1b40792736c1809a8da42 /nixos/modules/services/networking | |
parent | 7980523e007c066495b010897f9cf240453e0ad1 (diff) | |
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be used to generate long-term encryption keys and so allowing it to use /dev/random only increases the risk of entropy exhaustion for no benefit.
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/unbound.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 603c7f8fb101..4326a4137959 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -115,7 +115,7 @@ in chown unbound ${stateDir} ${rootTrustAnchorFile} ''} touch ${stateDir}/dev/random - ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random + ${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random ''; serviceConfig = { |
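Review bot: The changed mount line has no comment explaining that the file named `${stateDir}/dev/random` inside the chroot is now deliberately backed by `/dev/urandom`. The source and target names no longer match, so a later reader could take this for a typo and change it back. A one-line comment above the mount, repeating the commit message's reasoning (non-blocking source, no long-term key generation expected), would prevent that. Separately, the visible lines only `touch` and bind-mount `dev/random`. If the daemon ever opens `/dev/urandom` by that name inside the chroot, nothing shown here provides it, so it may be worth binding `/dev/urandom` to `${stateDir}/dev/urandom` as well, or confirming that it is not needed.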