From 52432ee63d9ab57d9dba7d9ce738d3964b2314a6 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Tue, 30 Aug 2016 19:22:53 +0200
Subject: [PATCH] unbound service: non-blocking random in chroot

/dev/random is an exhaustible resource. Presumably, unbound will not be used to generate long-term encryption keys and so allowing it to use /dev/random only increases the risk of entropy exhaustion for no benefit.
---
 nixos/modules/services/networking/unbound.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 603c7f8fb101..4326a4137959 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -115,7 +115,7 @@ in
 chown unbound ${stateDir} ${rootTrustAnchorFile}
 ''}
 touch ${stateDir}/dev/random
- ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random
+ ${pkgs.utillinux}/bin/mount --bind -n /dev/urandom ${stateDir}/dev/random
 '';

 serviceConfig = {
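Review bot: The changed mount line now backs a chroot path still named `dev/random` with the host's /dev/urandom, and nothing in the script records that this is deliberate, so someone inspecting the chroot later will see a mismatch with no rationale. Add a comment above the mount, e.g. `# chroot /dev/random is deliberately backed by /dev/urandom: non-blocking, avoids draining the entropy pool`. The commit message argues only from long-term keys; unbound's randomness presumably also feeds query-ID and source-port selection, which is its defence against spoofed answers. It is therefore worth confirming that /dev/urandom is adequately seeded when the unit starts, with freshly provisioned images that have no saved seed being the case to check. The preStart script begins above this hunk, so any handling of restarts or unmounting is not visible here.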