Re: [libvirt] should we use new Linux syscall getrandom(2)?

On Tue, Dec 09, 2014 at 12:57:25PM -0700, Eric Blake wrote: On 12/09/2014 09:49 AM, Daniel P. Berrange wrote: The question is how should we make use of it ? Should we use it as the seed for initstate_r, or just use it for virRandomBits directly ? Well, consider that libvirt might be

[libvirt] should we use new Linux syscall getrandom(2)?

Now that Linux has a syscall for getting secure random bytes, should we use that when available in our src/util/virrandom.c implementation? -- Eric Blake eblake redhat com+1-919-301-3266 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now that Linux has a syscall for getting secure random bytes, should we use that when available in our src/util/virrandom.c implementation? Yes, we should. I remember reading a few weeks back that someone found our current random seed

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On Tue, Dec 09, 2014 at 08:17:24AM -0700, Eric Blake wrote: On 12/09/2014 08:07 AM, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now that Linux has a syscall for getting secure random bytes, should we use that when available in our

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On 12/09/2014 08:07 AM, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now that Linux has a syscall for getting secure random bytes, should we use that when available in our src/util/virrandom.c implementation? Yes, we should. I remember reading a few

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On 09.12.2014 16:07, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now that Linux has a syscall for getting secure random bytes, should we use that when available in our src/util/virrandom.c implementation? Yes, we should. I remember reading a few weeks

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On Tue, Dec 09, 2014 at 05:29:51PM +0100, Michal Privoznik wrote: On 09.12.2014 16:07, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now that Linux has a syscall for getting secure random bytes, should we use that when available in our

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On Tue, Dec 09, 2014 at 05:46:54PM +0100, Michal Privoznik wrote: On 09.12.2014 17:36, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 05:29:51PM +0100, Michal Privoznik wrote: On 09.12.2014 16:07, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On 09.12.2014 17:36, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 05:29:51PM +0100, Michal Privoznik wrote: On 09.12.2014 16:07, Daniel P. Berrange wrote: On Tue, Dec 09, 2014 at 08:03:13AM -0700, Eric Blake wrote: Now that Linux has a syscall for getting secure random bytes, should we

Re: [libvirt] should we use new Linux syscall getrandom(2)?

On 12/09/2014 09:49 AM, Daniel P. Berrange wrote: The question is how should we make use of it ? Should we use it as the seed for initstate_r, or just use it for virRandomBits directly ? Well, consider that libvirt might be run in a VM with snapshot. IIUC nowadays when the VM is started