diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-30 19:22:53 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-09-15 15:37:19 +0200 |
| commit | 52432ee63d9ab57d9dba7d9ce738d3964b2314a6 (patch) | |
| tree | 5afd6995251373daacc1b40792736c1809a8da42 /nixos/modules/services/networking/unbound.nix | |
| parent | 7980523e007c066495b010897f9cf240453e0ad1 (diff) | |
| download | nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.tar nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.tar.gz nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.tar.bz2 nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.tar.lz nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.tar.xz nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.tar.zst nixpkgs-52432ee63d9ab57d9dba7d9ce738d3964b2314a6.zip | |
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be used to generate long-term encryption keys and so allowing it to use /dev/random only increases the risk of entropy exhaustion for no benefit.
Diffstat (limited to 'nixos/modules/services/networking/unbound.nix')
| -rw-r--r-- | nixos/modules/services/networking/unbound.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 603c7f8fb10..4326a413795 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -115,7 +115,7 @@ in chown unbound ${stateDir} ${rootTrustAnchorFile} ''} touch ${stateDir}/dev/random - ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random + ${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random ''; serviceConfig = { |