git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
Document issue with --chroot, /dev/urandom and PolarSSL.
author Gert Doering <gert@greenie.muc.de>
Sat, 11 Jan 2014 11:50:36 +0000 (12:50 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sun, 12 Jan 2014 14:33:50 +0000 (15:33 +0100)
See trac#218

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1389441036-12538-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8213

doc/openvpn.8

index 7736c63c051f532ddc03ef01b56ac3e720b0104d..f694080ea752d08d70f843de44a147ae5c1cf8fa 100644 (file)
@@ -2097,6 +2097,16 @@ In many cases, the
 parameter can point to an empty directory, however
 complications can result when scripts or restarts
 are executed after the chroot operation.
+
+Note: if OpenVPN is built using the PolarSSL SSL
+library,
+.B \-\-chroot
+will only work if a /dev/urandom device node is available
+inside the chroot directory
+.B dir.
+This is due to the way PolarSSL works (it wants to open
+/dev/urandom every time randomness is needed, not just once
+at startup) and nothing OpenVPN can influence.
 .\"*********************************************************
 .TP
 .B \-\-setcon context
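
Review bot: The added note, at "will only work if a /dev/urandom device node is available", does not say when or how the failure shows up. Since the same paragraph says PolarSSL opens /dev/urandom every time randomness is needed and not just once at startup, the text should state that the problem can appear after the chroot has taken effect, so an operator does not read a clean start as proof the setup works. The note also qualifies the unchanged sentence just above it ("can point to an empty directory"); a short "except with PolarSSL builds, see below" there would keep the two statements from reading as contradictory. Style point: `.B dir.` places the sentence's period inside the bold argument; `.BR dir .` would keep the period in roman type.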