Giovanni Giacobbi <giova...@giacobbi.net> [2021-01-30 13:45:21]:
Hi,
> On systems where adding entropy to /dev/random using ioctl(RNDADDENTROPY) is
> not allowed (notably: docker containers), avoid entering a busy loop that
> consumes high cpu, as the poll loop will keep firing.
>
> Cc: Petr Štetiar <yn...@true.cz>
> ---
> urngd.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/urngd.c b/urngd.c
> index 35ccdec..410d300 100644
> --- a/urngd.c
> +++ b/urngd.c
> @@ -129,9 +129,14 @@ static size_t gather_entropy(struct urngd *u)
> static void low_entropy_cb(struct uloop_fd *ufd, unsigned int events)
> {
> struct urngd *u = container_of(ufd, struct urngd, rnd_fd);
> + size_t res;
>
> DEBUG(2, DEV_RANDOM " signals low entropy\n");
> - gather_entropy(u);
> + res = gather_entropy(u);
> + if (!res) {
> + DEBUG(2, "gather_entropy failed, delaying further attempts\n");
> + sleep(60);
> + }
this looks like a workaround. That ioctl() call likely returns EPERM error
which should be handled properly, probably by error message "CAP_SYS_ADMIN (or
whatever else) is mandatory for proper operation" followed by a termination of
daemon. I think, that it makes no sense to keep running in such cases.
Cheers,
Petr
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
