[libvirt] should we use new Linux syscall getrandom(2)?

Michal Privoznik mprivozn at redhat.com
Tue Dec 9 16:29:51 UTC 2014


On 09.12.2014 16:07, Daniel P. Berrange wrote:
> On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote:
>> Now that Linux has a syscall for getting secure random bytes, should we
>> use that when available in our src/util/virrandom.c implementation?
>
> Yes, we should. I remember reading a few weeks back that someone found
> our current random seed is rather predictable when the libvirt host is
> booted from a cut-down image running systemd. Since there is no longer
> 1000000000 lines of shell in the init process the initial PIDs are very
> stable across each boot attempt.
>
> The question is how should we make use of it? Should we use it as the
> seed for initstate_r, or just use it for virRandomBits directly?

Well, consider that libvirt might be run in a VM with a snapshot. IIUC
nowadays when the VM is started from the snapshot, virRandomBits()
produces the same sequence. If we want to prevent that we must use the
new syscall every time virRandomBits() is called. I'm afraid using
the syscall just to set the seed won't be sufficient.

Michal
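
The two options discussed in this thread, as an added example that is not part of the original message or of libvirt's code: a generator seeded once through initstate_r() keeps all of its state in process memory, so rolling that memory back replays its output, while reading getrandom() on every call does not depend on that saved state. Assumptions: the struct copy stands in for a snapshot and restore of process memory only (the guest kernel's own pool, which a real VM snapshot also captures, is not modelled), and the names `gen_state`, `seeded_init`, `seeded_draw`, `kernel_draw` and `replays_after_restore` are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: expose initstate_r()/random_r() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>            /* getrandom(), glibc >= 2.25 */
#define DRAWS 4

/* Seed-once design: all generator state lives in process memory. */
static struct gen_state { char buf[128]; struct random_data rd; } gen;

static int seeded_init(void) {
    unsigned int seed;
    if (getrandom(&seed, sizeof seed, 0) != (ssize_t)sizeof seed) return -1;
    memset(&gen, 0, sizeof gen);       /* random_data must be zeroed first */
    return initstate_r(seed, gen.buf, sizeof gen.buf, &gen.rd);
}

static int seeded_draw(uint64_t out[DRAWS]) {
    for (int i = 0; i < DRAWS; i++) {
        int32_t r;
        if (random_r(&gen.rd, &r) != 0) return -1;
        out[i] = (uint64_t)r;
    }
    return 0;
}

/* Per-call design: output comes from the kernel, not from saved state. */
static int kernel_draw(uint64_t out[DRAWS]) {
    size_t n = DRAWS * sizeof out[0];
    return getrandom(out, n, 0) == (ssize_t)n ? 0 : -1;
}

int replays_after_restore(int per_call) {  /* 1 = repeated, 0 = differed, -1 = error */
    uint64_t before[DRAWS], after[DRAWS];
    if (seeded_init() != 0) return -1;
    struct gen_state saved = gen;          /* constructed "take snapshot" */
    if ((per_call ? kernel_draw(before) : seeded_draw(before)) != 0) return -1;
    gen = saved;                           /* constructed "restore snapshot" */
    if ((per_call ? kernel_draw(after) : seeded_draw(after)) != 0) return -1;
    return memcmp(before, after, sizeof before) == 0;
}

int main(void) {
    printf("seed once: replay=%d, getrandom per call: replay=%d\n",
           replays_after_restore(0), replays_after_restore(1));
    return 0;
}
```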



