On 04/30/2014 01:14 PM, Daniel P. Berrange wrote:
> On Tue, Apr 29, 2014 at 08:43:38PM +0200, Florian Weimer wrote:
> > The message at
> > <https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html>
> > contains two boot traces from virtual machines which show that the
> > SSH key is generated before the kernel pool is sufficiently seeded.
>
> I'm wondering if the VMs that ostree is creating are being given a
> virtio-rng device? If not that would probably be a good idea to
> enable to allow them to get entropy. VMs are generally starved of
> entropy even beyond the initial boot up stage, so a virtual RNG is
> generally useful.

Interesting suggestion. I just used virt-manager to create the VM. I don't see any trace for "rng" or "random" in the domain XML file. If it is supported, I think it should be enabled by default.

(But I see a similar issue on bare metal.)

--
Florian Weimer / Red Hat Product Security Team
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
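
The check described in the reply above (looking for an "rng" device in the libvirt domain XML) can be scripted. The following is an added example, not part of the original thread; the sample domain XML is constructed, the function names are hypothetical, and the `/dev/urandom` host source is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal libvirt domain definition with no <rng> device,
# matching what the reply reports for a guest created with virt-manager.
DOMAIN_WITHOUT_RNG = """
<domain type='kvm'>
  <name>example-guest</name>
  <devices>
    <disk type='file' device='disk'/>
    <interface type='network'/>
  </devices>
</domain>
"""

def rng_devices(domain_xml):
    """Return (model, backend model, backend source) for each <rng> device."""
    root = ET.fromstring(domain_xml)
    found = []
    for rng in root.findall("./devices/rng"):
        backend = rng.find("backend")
        found.append((
            rng.get("model"),
            backend.get("model") if backend is not None else None,
            (backend.text or "").strip() if backend is not None else None,
        ))
    return found

def has_virtio_rng(domain_xml):
    """True if the guest is given a virtio-rng device."""
    return any(model == "virtio" for model, _, _ in rng_devices(domain_xml))

def add_virtio_rng(domain_xml, source="/dev/urandom"):
    """Return the domain XML with a virtio-rng device added if it has none.

    The host entropy source path is an assumption; adjust it for the host.
    """
    if has_virtio_rng(domain_xml):
        return domain_xml
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    rng = ET.SubElement(devices, "rng", {"model": "virtio"})
    ET.SubElement(rng, "backend", {"model": "random"}).text = source
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("virtio-rng present:", has_virtio_rng(DOMAIN_WITHOUT_RNG))
    print(rng_devices(add_virtio_rng(DOMAIN_WITHOUT_RNG)))
```

The input would normally be the output of `virsh dumpxml` for the guest.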
