On Thu, Jul 24, 2014 at 4:24 PM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> On Thu, Jul 24, 2014 at 05:30:19PM -0300, Henrique de Moraes Holschuh wrote:
>> > I wouldn't add the error to the man page until we actually modify the
>> > kernel to add such a restriction.
>>
>> By then, it might be too late. It would be really sad to find ourselves
>> forced to return ENOSYS to getrandom(GRND_RANDOM) when we actually wanted to
>> return EPERM/EACCES.
>
> I wouldn't worry about it. The reality is that anyone using GRND_RANDOM
> has to be checking for error codes anyway, and if they do something
> stupid because the system call returns EPERM/EACCES when they weren't
> expecting it, again, they are much more likely to be making many other
> fatal mistakes anyway.
>
> In general, all system calls can return errno's other than the ones
> documented in the man page. This is certainly true for open(2), and
> read(2) if you are using a network file system such as NFS. Someone
> who assumes that the only errors that they have to handle is the list
> in the man page, and assumes that this list is an exhaustive listing
> of all possible errors, is going to be in a *world* of hurt.
>
> I don't think it's necessary to add a sentence that other errors can
> be returned in the future, and users must check for other errors, but
> if you really think people are that stupid that we need to say
> something which is true for every single system call in Linux, we can
> do that....

I think that people might do:

try getrandom(GRND_RANDOM)
fall back to /dev/random
fall back to something intensely stupid

We want them to at least attempt the fallback from GRND_RANDOM to
!GRND_RANDOM.

--Andy
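
The caller-side handling discussed in this thread, as an added example that is not part of the original message or of any kernel or libc code: every errno from getrandom(GRND_RANDOM) other than EINTR, documented or not, leads to the same call without GRND_RANDOM, and if that also fails the function fails closed instead of improvising. The names get_key_bytes, fill, mock_restricted and mock_fail_all are hypothetical, the EPERM restriction is simulated (the thread treats it as a possible future behaviour), and the /dev/random step is left out as a simplification.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(), GRND_RANDOM; glibc >= 2.25 */

/* Same signature as getrandom(2); injectable so error paths can be simulated. */
typedef ssize_t (*getrandom_fn)(void *buf, size_t len, unsigned int flags);

/* Fill buf completely with the given flags; 0 on success, -1 with errno set. */
static int fill(getrandom_fn gr, unsigned char *buf, size_t len, unsigned int flags)
{
    for (size_t off = 0; off < len; ) {
        ssize_t n = gr(buf + off, len - off, flags);
        if (n < 0 && errno == EINTR)
            continue;                 /* interrupted by a signal: retry */
        if (n <= 0)
            return -1;                /* any other errno, documented or not */
        off += (size_t)n;             /* short reads are possible */
    }
    return 0;
}

/* 0: GRND_RANDOM worked; 1: !GRND_RANDOM fallback worked; -1: fatal, buf zeroed. */
int get_key_bytes(getrandom_fn gr, unsigned char *buf, size_t len)
{
    if (fill(gr, buf, len, GRND_RANDOM) == 0)
        return 0;
    if (fill(gr, buf, len, 0) == 0)   /* same step whatever the errno was */
        return 1;
    memset(buf, 0, len);              /* leave no partial output behind */
    return -1;                        /* no userspace substitute */
}

/* Constructed stand-in for a kernel that refuses GRND_RANDOM with EPERM. */
int mock_fail_all = 0;                /* when set, every call is refused */
ssize_t mock_restricted(void *buf, size_t len, unsigned int flags)
{
    if (mock_fail_all || (flags & GRND_RANDOM)) { errno = EPERM; return -1; }
    memset(buf, 0xAA, len);           /* fixed pattern: test data, not random */
    return (ssize_t)len;
}

int main(void)
{
    unsigned char key[32];
    printf("real kernel: %d\n", get_key_bytes(getrandom, key, sizeof key));
    printf("restricted:  %d\n", get_key_bytes(mock_restricted, key, sizeof key));
    return 0;
}
```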