On 11/18/2013 06:28 AM, Pradipta Kr. Banerjee wrote:
> Creating a qemu VM with /dev/hwrng as backed RNG device throws the
> following error - "Could not open '/dev/hwrng': Operation not permitted"
> This patch fixes the issue
>
> Signed-off-by: Pradipta Kr. Banerjee <bpradip@xxxxxxxxxx>
> ---
> src/qemu/qemu_cgroup.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
This is probably not the right fix. This says that we are making the
random device to all possible guests, and that a compromised guest can
then open() the device and starve it of entropy to the detriment of
other guests. I think the _real_ fix is to quit exposing /dev/random by
default (/dev/urandom may be okay), and to instead teach the code for
RNG devices to add an ACL change for either random device (/dev/random
or /dev/hwrng) only for the guests that actually use RNG backed by a
hardware device. That way, guests not using an RNG device cannot starve
entropy from guests that depend on it.
>
> diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
> index ace7e35..d9ebb30 100644
> --- a/src/qemu/qemu_cgroup.c
> +++ b/src/qemu/qemu_cgroup.c
> @@ -39,7 +39,7 @@
>
> static const char *const defaultDeviceACL[] = {
> "/dev/null", "/dev/full", "/dev/zero",
> - "/dev/random", "/dev/urandom",
> + "/dev/random", "/dev/urandom", "/dev/hwrng",
> "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
> "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio",
> NULL,
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list