[libvirt] [PATCH] Add hw random number generator (/dev/hwrng) to default qemu cgroup ACL
Eric Blake
eblake at redhat.com
Mon Nov 18 15:15:09 UTC 2013
On 11/18/2013 06:28 AM, Pradipta Kr. Banerjee wrote:
> Creating a qemu VM with /dev/hwrng as backed RNG device throws the
> following error - "Could not open '/dev/hwrng': Operation not permitted"
> This patch fixes the issue
>
> Signed-off-by: Pradipta Kr. Banerjee <bpradip at in.ibm.com>
> ---
> src/qemu/qemu_cgroup.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
This is probably not the right fix. This says that we are making the
random device to all possible guests, and that a compromised guest can
then open() the device and starve it of entropy to the detriment of
other guests. I think the _real_ fix is to quit exposing /dev/random by
default (/dev/urandom may be okay), and to instead teach the code for
RNG devices to add an ACL change for either random device (/dev/random
or /dev/hwrng) only for the guests that actually use RNG backed by a
hardware device. That way, guests not using an RNG device cannot starve
entropy from guests that depend on it.
>
> diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
> index ace7e35..d9ebb30 100644
> --- a/src/qemu/qemu_cgroup.c
> +++ b/src/qemu/qemu_cgroup.c
> @@ -39,7 +39,7 @@
>
> static const char *const defaultDeviceACL[] = {
> "/dev/null", "/dev/full", "/dev/zero",
> - "/dev/random", "/dev/urandom",
> + "/dev/random", "/dev/urandom", "/dev/hwrng",
> "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
> "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio",
> NULL,
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20131118/e9474e45/attachment-0001.sig>
More information about the libvir-list
mailing list