From: Gert Doering Date: Sat, 11 Jan 2014 11:50:36 +0000 (+0100) Subject: Document issue with --chroot, /dev/urandom and PolarSSL. X-Git-Tag: v2.4_alpha1~484 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b238a1f2d4b2cdcfc844689b33fd3ac43ed31c1c;p=thirdparty%2Fopenvpn.git Document issue with --chroot, /dev/urandom and PolarSSL. See trac#218 Signed-off-by: Gert Doering Acked-by: Steffan Karger Message-Id: <1389441036-12538-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/8213 --- diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 7736c63c0..f694080ea 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -2097,6 +2097,16 @@ In many cases, the parameter can point to an empty directory, however complications can result when scripts or restarts are executed after the chroot operation. + +Note: if OpenVPN is built using the PolarSSL SSL +library, +.B \-\-chroot +will only work if a /dev/urandom device node is available +inside the chroot directory +.B dir. +This is due to the way PolarSSL works (it wants to open +/dev/urandom every time randomness is needed, not just once +at startup) and nothing OpenVPN can influence. .\"********************************************************* .TP .B \-\-setcon context
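Review bot: In the added note, the sentence "will only work if a /dev/urandom device node is available inside the chroot directory" states the requirement but gives neither the symptom nor the remedy, so an administrator who hits the problem has nothing to match it against. Consider adding one sentence saying that the device node has to be created inside the chroot before OpenVPN starts, and that the filesystem holding it must permit device nodes (not mounted nodev). If the failure message is known from trac#218, name it here. Style: `.B dir.` sets the trailing period in bold; `.BR dir .` keeps the period in roman. The closing clause "and nothing OpenVPN can influence" would read more clearly as "and is not something OpenVPN can influence".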