On Wed, Apr 20, 2016 at 06:19:25PM -0400, Cole Robinson wrote:
Currently we only allow /dev/random and /dev/hwrng as host input for <rng><backend model='random'/> device. This was added after various upstream discussions in commit 4932ef45
However this restriction has generated quite a few complaints over the years, so a new discussion was initiated:
http://www.redhat.com/archives/libvir-list/2016-April/msg00987.html
Several people suggested removing the restriction, and nobody really spoke up to defend it. So this patch drops the path restriction entirely
ACK, despite explicit request for details, no one has been able to give a clear description of a security problem in using urandom. It has all just been hand-wavey assertions with nothing to back it up, against other people's analysis showing urandom to be safe. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|