Re: [libvirt] [PATCH] conf: Drop restrictions on rng backend path

On Wed, Apr 20, 2016 at 06:19:25PM -0400, Cole Robinson wrote: > Currently we only allow /dev/random and /dev/hwrng as host input > for <rng><backend model='random'/> device. This was added after > various upstream discussions in commit 4932ef45 > > However this restriction has generated quite a few complaints over > the years, so a new discussion was initiated: > > http://www.redhat.com/archives/libvir-list/2016-April/msg00987.html > > Several people suggested removing the restriction, and nobody really > spoke up to defend it. So this patch drops the path restriction > entirely ACK, despite explicit request for details, no one has been able to give a clear description of a security problem in using urandom. It has all just been hand-wavey assertions with nothing to back it up, against other people's analysis showing urandom to be safe.