Attachment 872882 Details for Bug 1074464 – Patch to allow /dev/urandom and make it default for virtio-rng "random" backend.

[patch] Patch to allow /dev/urandom and make it default for virtio-rng "random" backend.

libvirt-virtio-urandom.patch (text/plain), 3.24 KB, created by Michael Samuel on 2014-03-10 23:18:38 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Samuel

Created: 2014-03-10 23:18:38 UTC

Size: 3.24 KB

patch

obsolete

>diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
>index 7f90455..071ec7a 100644
>--- a/docs/formatdomain.html.in
>+++ b/docs/formatdomain.html.in
>@@ -4940,7 +4940,7 @@ qemu-kvm -net nic,model=? /dev/null
>   &lt;devices&gt;
>     &lt;rng model='virtio'&gt;
>       &lt;rate period="2000" bytes="1234"/&gt;
>-      &lt;backend model='random'&gt;/dev/random&lt;/backend&gt;
>+      &lt;backend model='random'&gt;/dev/urandom&lt;/backend&gt;
>       &lt;!-- OR --&gt;
>       &lt;backend model='egd' type='udp'&gt;
>         &lt;source mode='bind' service='1234'/&gt;
>@@ -4982,7 +4982,7 @@ qemu-kvm -net nic,model=? /dev/null
>           <code>model</code> attribute. Supported source models are:
>         </p>
>         <ul>
>-          <li>'random' &mdash; /dev/random (default) or /dev/hwrng
>+          <li>'random' &mdash; /dev/urandom (default) /dev/random or /dev/hwrng 
>             device as source (for now, no other sources are permitted)</li>
>           <li>'egd' &mdash; a EGD protocol backend</li>
>         </ul>
>@@ -4991,9 +4991,10 @@ qemu-kvm -net nic,model=? /dev/null
>       <dd>
>         <p>
>           This backend type expects a non-blocking character device as input.
>-          The only accepted paths are /dev/random and /dev/hwrng. The file
>-          name is specified as contents of the <code>backend</code> element.
>-          When no file name is specified the hypervisor default is used.
>+          The only accepted paths are /dev/urandom, /dev/random  and /dev/hwrng.
>+          The file name is specified as contents of the <code>backend</code> element.
>+          When no file name is specified the hypervisor default is used.  Note that
>+          using /dev/random may present a security risk and should be avoided.
>         </p>
>       </dd>
>       <dt><code>backend model='egd'</code></dt>
>diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
>index 601e7ac..77f49ea 100644
>--- a/docs/schemas/domaincommon.rng
>+++ b/docs/schemas/domaincommon.rng
>@@ -4087,6 +4087,7 @@
>           </attribute>
>           <choice>
>             <value>/dev/random</value>
>+            <value>/dev/urandom</value>
>             <value>/dev/hwrng</value>
>             <empty/>
>           </choice>
>diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
>index b6564c2..c1ff68a 100644
>--- a/src/conf/domain_audit.c
>+++ b/src/conf/domain_audit.c
>@@ -152,7 +152,7 @@ virDomainAuditRNG(virDomainObjPtr vm,
>             if (newDef->source.file)
>                 newsrcpath = newDef->source.file;
>             else
>-                newsrcpath = "/dev/random";
>+                newsrcpath = "/dev/urandom";
>             break;
> 
>         case VIR_DOMAIN_RNG_BACKEND_EGD:
>diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>index e1b0115..4ae5406 100644
>--- a/src/conf/domain_conf.c
>+++ b/src/conf/domain_conf.c
>@@ -8952,6 +8952,7 @@ virDomainRNGDefParseXML(xmlNodePtr node,
>         def->source.file = virXPathString("string(./backend)", ctxt);
>         if (def->source.file &&
>             STRNEQ(def->source.file, "/dev/random") &&
>+            STRNEQ(def->source.file, "/dev/urandom") &&
>             STRNEQ(def->source.file, "/dev/hwrng")) {
>             virReportError(VIR_ERR_XML_ERROR,
>                            _("file '%s' is not a supported random source"),

Actions: View | Diff

Attachments on bug 1074464: 872882 | 1073278