On 04/26/2016 11:07 AM, Daniel P. Berrange wrote: > On Wed, Apr 20, 2016 at 06:19:25PM -0400, Cole Robinson wrote: >> Currently we only allow /dev/random and /dev/hwrng as host input >> for <rng><backend model='random'/> device. This was added after >> various upstream discussions in commit 4932ef45 >> >> However this restriction has generated quite a few complaints over >> the years, so a new discussion was initiated: >> >> http://www.redhat.com/archives/libvir-list/2016-April/msg00987.html >> >> Several people suggested removing the restriction, and nobody really >> spoke up to defend it. So this patch drops the path restriction >> entirely > > ACK, despite explicit request for details, no one has been able to > give a clear description of a security problem in using urandom. > It has all just been hand-wavey assertions with nothing to back > it up, against other people's analysis showing urandom to be safe. > Thanks, I've pushed the patch now - Cole -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list