On September 3, 2024 3:58 pm, Filip Schauer wrote: > On 02/09/2024 14:21, Fabian Grünbichler wrote: >> IIRC this was intentional, since passing in the hardware RNG can starve >> the host of entropy rather quickly. is this no longer the case, or >> handled by some other check? if so, please include these details here. >> if not, then I don't think we want to go with this patch - but maybe we >> want to tighten some other code paths instead 😉 > > > Reading from /dev/urandom has never consumed entropy and reading from > /dev/random no longer poses a concern since the kernel no longer uses a > blocking entropy pool. [1] The only potential issue might be the > starvation of the hardware RNG when /dev/hwrng is used. So we might not > want to allow a non-root user to configure /dev/hwrng, but letting > non-root users configure the other two options (/dev/urandom and > /dev/random) seems reasonable.
yes, I was talking about the hardware RNG! > It might make sense to only allow non-root users to configure > /dev/urandom and /dev/random as RNG sources. we could also define some sort of mapping-like thing for the hardware RNG to allow semi-privileged users to pass it through, after a highly privileged user set it up and gave them access? but we could wait until somebody requests that ;) > > [1] https://lwn.net/Articles/808575/ > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
