Right now unbound (unlike nsd) runs just fine in chroot, including managing some stuff (like pid/log files) outside. The only thing left is the random stuff:

Mar 29 11:54:40 gandalf unbound: [2470:0] notice: openssl has no entropy, seeding with time and pid

This can be solved in two ways: 1) providing /dev/random inside chroot and 2) initializing random number generator before chrooting. Do I understand it correctly?

There MAY be a need to read more random bytes during runtime, and even open-read-close /dev/random again, but I don't know if unbound currently does that.

Is it difficult to lessen this dependency on /dev/random a bit -- either by doing all init stuff before chrooting or by keeping /dev/random opened?

Thanks!

/mjt
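The "keep the device opened" variant asked about above, as an added example that is not unbound's code and not part of the original message: the descriptor is opened while the real /dev is still visible, and later reads go through it after chroot(), so no device node is needed inside the jail. The function names and the use of /dev/urandom instead of /dev/random are assumptions made for this sketch.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Open the kernel RNG before chroot(), while /dev is still reachable.
 * Assumption: /dev/urandom (non-blocking); the post names /dev/random. */
int entropy_open(void)
{
    return open("/dev/urandom", O_RDONLY | O_CLOEXEC);
}

/* Fill buf from the held descriptor; handles EINTR and short reads.
 * Returns 0 on success, -1 on error or unexpected EOF. */
int entropy_read(int fd, unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n > 0)
            done += (size_t)n;
        else if (n == 0 || errno != EINTR)
            return -1;
    }
    return 0;
}

/* Confine the process to dir (requires root). 0 on success, -1 on error. */
int enter_chroot(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    return chdir("/");
}

int main(int argc, char **argv)
{
    unsigned char seed[32];
    int fd = entropy_open();                 /* step 1: before chroot */
    if (fd < 0) { perror("open"); return 1; }
    if (argc > 1 && enter_chroot(argv[1]) != 0) { perror("chroot"); return 1; }
    /* step 2: the path no longer resolves in the jail, the descriptor does */
    if (entropy_read(fd, seed, sizeof seed) != 0) { perror("read"); return 1; }
    printf("read %zu seed bytes through the pre-opened descriptor\n", sizeof seed);
    close(fd);
    return 0;
}
```

Run as root with an empty directory as the argument to see the read succeed with no /dev inside the chroot; the same held descriptor also covers any later runtime reseeding.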