Re: [libvirt] [PATCH] Add hw random number generator (/dev/hwrng) to default qemu cgroup ACL

On 11/18/2013 06:28 AM, Pradipta Kr. Banerjee wrote: > Creating a qemu VM with /dev/hwrng as backed RNG device throws the > following error - "Could not open '/dev/hwrng': Operation not permitted" > This patch fixes the issue > > Signed-off-by: Pradipta Kr. Banerjee <bpradip(a)in.ibm.com&gt; > --- > src/qemu/qemu_cgroup.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) This is probably not the right fix. This says that we are making the random device to all possible guests, and that a compromised guest can then open() the device and starve it of entropy to the detriment of other guests. I think the _real_ fix is to quit exposing /dev/random by default (/dev/urandom may be okay), and to instead teach the code for RNG devices to add an ACL change for either random device (/dev/random or /dev/hwrng) only for the guests that actually use RNG backed by a hardware device. That way, guests not using an RNG device cannot starve entropy from guests that depend on it.

> > diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c > index ace7e35..d9ebb30 100644 > --- a/src/qemu/qemu_cgroup.c > +++ b/src/qemu/qemu_cgroup.c > @@ -39,7 +39,7 @@ > > static const char *const defaultDeviceACL[] = { > "/dev/null", "/dev/full", "/dev/zero", > - "/dev/random", "/dev/urandom", > + "/dev/random", "/dev/urandom", "/dev/hwrng", > "/dev/ptmx", "/dev/kvm", "/dev/kqemu", > "/dev/rtc", "/dev/hpet", "/dev/vfio/vfio", > NULL, >