On Tue, Jan 11, 2022 at 02:57:54PM +0500, Alexander E. Patrakov wrote: > LD_PRELOAD is not a solution because of containers and statically-linked > binaries. No, it doesn't solve all problems, but the question is whether it needs to. We're talking about the scenario where: a) a customer requires FIPS compliance, and b) the customer has an app that calls getrandom() and doesn't fallback, and c) they're doing so with statically linked binaries or container infrastructure that doesn't allow injection of other libraries How common is this? Does the kernel need to solve this scenario?