Date: Tue, 24 Dec 2013 14:36:10 -0800 From: Paul Hoffman <phoffman@proper.com> To: d@delphij.net Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: [PATCH RFC] Disable save-entropy in jails Message-ID: <278988C7-1749-413D-A5E2-ABE6753B3766@proper.com> In-Reply-To: <52B9F232.1090002@delphij.net> References: <52B9F232.1090002@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 24, 2013, at 12:44 PM, Xin Li <delphij@delphij.net> wrote: > I think we shouldn't save entropy inside jails, as the data is not going > to be used by rc script (pjd@126744). If there is no objections, I will > commit this changeset on January 1, 2014. Even if it is not used by an rc script, it might be used by some userland program (running as root, of course) that knows about the directory and wants some fresh entropy for its own use. Is there a problem with saving the directory in jails? It certainly isn't taking up much space. --Paul Hoffman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?278988C7-1749-413D-A5E2-ABE6753B3766>