<chris2> so, current flow for getentropy is
<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
<chris2> 2) use /dev/urandom
<chris2> 3) use sysctl (glibc only)
<chris2> 4) use terrible fallback
<chris2> and with a one-line patch it can instead kill itself after 3
<chris2> so that should only affect processes running without /dev/urandom on old kernels
<chris2> probably no harm else
<xtraeme> +1

--- crypto/compat/getentropy_linux.c.orig
+++ crypto/compat/getentropy_linux.c
@@ -162,7 +162,7 @@
 	 * sysctl ABI, or consider providing a new failsafe API which
 	 * works in a chroot or when file descriptors are exhausted.
 	 */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#define FAIL_INSTEAD_OF_TRYING_FALLBACK
 #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
 	raise(SIGKILL);
 #endif
