On 04/30/2014 02:28 PM, Daniel P. Berrange wrote:

>> Interesting suggestion.  I just used virt-manager to create the VM.
>> I don't see any trace for "rng" or "random" in the domain XML file.
>> If it is supported, I think it should be enabled by default.
>
> I'm told that it isn't turned on by default, but you can add it to
> a VM post-install. Since it feeds VMs from the host's /dev/random
> or /dev/hwrng, there was a question mark as to whether it was right
> to enable it by default or not, and if so what kind of rate limiting
> might be wanted by default.

Ah, so it builds down to our distrust of hardware RNGs? How annoying. We should be able to trust Fedora-on-Fedora (or Debian-on-Debian or whatever) scenarios. But I get that in the general case, it's impossible to know what's on the other side of the virtio_rng side, so reservations remain.

--
Florian Weimer / Red Hat Product Security Team
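
The check discussed in this message (is there an `rng` device in the domain XML, which host source feeds it, and is it rate limited), as an added example that is not part of the original thread. The function name `audit_rng` and both sample documents are constructed for illustration; the element layout follows libvirt's documented `<rng>` device format.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread): one guest without an
# RNG device, one with virtio-rng fed from /dev/random and rate limited.
NO_RNG = ("<domain type='kvm'><name>guest-a</name>"
          "<devices><disk type='file'/></devices></domain>")
WITH_RNG = """<domain type='kvm'><name>guest-b</name><devices>
  <rng model='virtio'>
    <rate bytes='1024' period='1000'/>
    <backend model='random'>/dev/random</backend>
  </rng>
</devices></domain>"""


def audit_rng(domain_xml):
    """Return one dict per <rng> device; an empty list means the guest has none."""
    root = ET.fromstring(domain_xml)
    findings = []
    for rng in root.findall("./devices/rng"):
        backend = rng.find("backend")
        rate = rng.find("rate")
        entry = {
            "model": rng.get("model"),
            "backend_model": backend.get("model") if backend is not None else None,
            "source": (backend.text or "").strip() if backend is not None else None,
            "rate_limited": rate is not None,
            "bytes_per_second": None,
        }
        if rate is not None:
            # libvirt treats an omitted period as 1000 ms.
            period_ms = int(rate.get("period", "1000"))
            entry["bytes_per_second"] = int(rate.get("bytes")) * 1000 / period_ms
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for label, xml in (("guest-a", NO_RNG), ("guest-b", WITH_RNG)):
        devices = audit_rng(xml)
        if not devices:
            print(f"{label}: no rng device; guest gets no entropy from the host")
        for d in devices:
            limit = (f"{d['bytes_per_second']:.0f} B/s" if d["rate_limited"]
                     else "unlimited (guest can drain the host source)")
            print(f"{label}: {d['model']} <- {d['source']} [{limit}]")
```

For a real guest, pass the output of `virsh dumpxml` for that domain instead of the constructed strings.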