From: Ian Molton
To: Jamie Lokier
Cc: qemu-devel@nongnu.org
Date: Sun, 06 Dec 2009 16:33:14 +0000
Subject: Re: [Qemu-devel] Socket reconnection.
Message-ID: <4B1BDCCA.5080208@collabora.co.uk>
In-Reply-To: <20091206143234.GA22994@shareable.org>

Jamie Lokier wrote:
> Ian Molton wrote:
>> Jamie Lokier wrote:
>>
>>> I'm a bit puzzled.
>>>
>>> Why isn't virtio-rng getting entropy from /dev/random on the host?
>> /dev/random may not be available.
>
> Understood on a non-Linux host.

Or a Linux host with a user with insufficient privs...

>> Besides, not all entropy comes from /dev/random.
>
> On a Linux host, why isn't rngd simply injecting its entropy into
> /dev/random where it would be more convenient to access? (No need for
> socket reconnection code, for example).

Who knows? Lack of privs, an admin who only uses egd, a machine which is
being fed entropy by egd via a tunnel. User doesn't trust /dev/random,
/dev/random known to be failing FIPS tests on a shared machine - there
could be any number of reasons.

In our case, entropy is coming from hardware via egd, to be used in the
guest VMs. Why feed it into RNGD, then the host's entropy pool, THEN the
guests - just feed them directly. The egd daemon in this case also offers
load balancing to all consumers of entropy.

Since we need this on hosts without /dev/random anyway, I don't see why
we would need to deliberately cripple qemu on Linux hosts...

-Ian
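The "socket reconnection code" the thread argues about is the part of an EGD consumer that survives the daemon going away. The following is an added example written for this page, not code from the thread, from QEMU or from egd: a small reconnecting EGD client over a Unix socket, driven against a constructed in-process stand-in for the daemon that deliberately closes each connection after a few requests. The two EGD request bytes used (0x00 for the entropy count, 0x02 followed by a length byte for a blocking read) are taken from the egd.pl / OpenSSL RAND_egd wire format as I understand it and are an assumption here, since the thread never spells the protocol out; the stand-in hands out os.urandom() rather than hardware entropy.

```python
import os
import socket
import struct
import tempfile
import threading

# EGD request bytes as used by egd.pl and OpenSSL's RAND_egd (assumed here,
# not taken from the thread): 0x00 asks for the entropy count (reply: 4-byte
# big-endian bit count); 0x02 <n> is a blocking read (reply: exactly n bytes).
EGD_GET_COUNT = 0x00
EGD_READ_BLOCKING = 0x02


def egd_serve_one_connection(listener, pool_bits, drop_after):
    """Constructed stand-in for an EGD daemon: answers requests on a single
    connection, then closes it after `drop_after` requests to mimic a daemon
    restart. Entropy is os.urandom() here, not hardware entropy."""
    conn, _ = listener.accept()
    with conn:
        for _ in range(drop_after):
            cmd = conn.recv(1)
            if not cmd:
                return  # client went away
            if cmd[0] == EGD_GET_COUNT:
                conn.sendall(struct.pack(">I", pool_bits))
            elif cmd[0] == EGD_READ_BLOCKING:
                n = conn.recv(1)
                if not n:
                    return
                conn.sendall(os.urandom(n[0]))
            else:
                return  # unknown request: drop the client


class EgdClient:
    """EGD client that reconnects when the daemon drops the Unix socket."""

    def __init__(self, path, max_attempts=3):
        self.path = path
        self.max_attempts = max_attempts
        self.sock = None
        self.connects = 0  # number of (re)connections made, for inspection

    def _connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.path)
        self.connects += 1

    def _recv_exact(self, n):
        buf = b""
        while len(buf) < n:
            chunk = self.sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("EGD daemon closed the socket mid-reply")
            buf += chunk
        return buf

    def _request(self, payload, reply_len):
        # Re-send on a fresh connection if the old one died. The old connection
        # may have consumed entropy we never received; that is a wasted read,
        # not a correctness problem, so retrying the request is safe.
        last_error = None
        for _ in range(self.max_attempts):
            try:
                if self.sock is None:
                    self._connect()
                self.sock.sendall(payload)
                return self._recv_exact(reply_len)
            except OSError as e:  # EOF, ECONNRESET, EPIPE, ECONNREFUSED, ...
                last_error = e
                self.close()
        raise ConnectionError("EGD request failed after %d attempts"
                              % self.max_attempts) from last_error

    def close(self):
        if self.sock is not None:
            self.sock.close()
            self.sock = None

    def entropy_bits_available(self):
        return struct.unpack(">I", self._request(bytes([EGD_GET_COUNT]), 4))[0]

    def read_entropy(self, n):
        if not 1 <= n <= 255:
            raise ValueError("EGD reads are limited to 1..255 bytes per request")
        return self._request(bytes([EGD_READ_BLOCKING, n]), n)


def demo(drop_after=2, reads=4):
    """Run the stand-in daemon in a thread, dropping every connection after
    `drop_after` requests, and drive it with a reconnecting client. Returns
    (replies, connects): the entropy count plus the length of each read, and
    how many connections the client needed to get them all."""
    sock_path = os.path.join(tempfile.mkdtemp(), "entropy")
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(sock_path)
    listener.listen(8)
    listener.settimeout(0.5)  # lets the server thread notice `stop`
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                egd_serve_one_connection(listener, 4096, drop_after)
            except socket.timeout:
                continue
            except OSError:
                return

    threading.Thread(target=serve, daemon=True).start()
    client = EgdClient(sock_path)
    replies = [client.entropy_bits_available()]
    replies += [len(client.read_entropy(32)) for _ in range(reads)]
    client.close()
    stop.set()
    listener.close()
    return replies, client.connects


if __name__ == "__main__":
    print(demo())
```

With the defaults, five requests go through three connections: the stand-in closes the socket after every second request, the client sees EOF or ECONNRESET on the next request, reconnects and re-sends it. The retry budget matters as much as the reconnect itself: a consumer that retries forever against a daemon that is really gone just hangs the guest's entropy supply, so the client fails loudly after a bounded number of attempts.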