Entropy poolsize

Entropy poolsize

[Weedy]

I know grsecurity has a option for this but I don't want to patch my
kernel with it at this time. I have been poking around random.c but I
can't seem to figure out where .poolsize is assigned it's value and
how to increase it.

If someone could point it out that would be nice.

Thank you for your time.

Re: Entropy poolsize

[Randy Dunlap]

On Mon, 21 Jun 2010 09:58:16 -0400 Weedy wrote:

> I know grsecurity has a option for this but I don't want to patch my
> kernel with it at this time. I have been poking around random.c but I
> can't seem to figure out where .poolsize is assigned it's value and
> how to increase it.
> 
> If someone could point it out that would be nice.
> 
> Thank you for your time.
> --

Do you mean this one in drivers/char/random.c or something else?

static int sysctl_poolsize = INPUT_POOL_WORDS * 32;

It's a sysctl, so it is tunable.

---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***

Re: Entropy poolsize

[Weedy]

Man I need to remember to hit reply-to-all

On Mon, Jun 21, 2010 at 3:56 PM, Randy Dunlap <randy.dunlap@oracle.com> wrote:
> On 06/21/10 12:48, Weedy wrote:
>> On Mon, Jun 21, 2010 at 11:51 AM, Randy Dunlap <randy.dunlap@oracle.com> wrote:
>>> On Mon, 21 Jun 2010 09:58:16 -0400 Weedy wrote:
>>>
>>>> I know grsecurity has a option for this but I don't want to patch my
>>>> kernel with it at this time. I have been poking around random.c but I
>>>> can't seem to figure out where .poolsize is assigned it's value and
>>>> how to increase it.
>>>>
>>>> If someone could point it out that would be nice.
>>>>
>>>> Thank you for your time.
>>>> --
>>>
>>> Do you mean this one in drivers/char/random.c or something else?
>>>
>>> static int sysctl_poolsize = INPUT_POOL_WORDS * 32;
>>>
>>> It's a sysctl, so it is tunable.
>> It's locked, some kind of security risk many kernels ago. I'll try
>> changing that but I thought I tried it once before.
>
> Ah, it's mode is 0444 (read-only).  Sorry I missed that piece.
> Sure, you could change the mode for your own use (rebuild the kernel).

 # cat /proc/sys/kernel/random/poolsize
16384
cat /proc/sys/kernel/random/entropy_avail
4096

I guess there is more to it.

Re: Entropy poolsize

[Weedy]

On Tue, Jun 22, 2010 at 7:21 PM, Weedy <weedy2887@gmail.com> wrote:
> Man I need to remember to hit reply-to-all
>
> On Mon, Jun 21, 2010 at 3:56 PM, Randy Dunlap <randy.dunlap@oracle.com> wrote:
>> On 06/21/10 12:48, Weedy wrote:
>>> On Mon, Jun 21, 2010 at 11:51 AM, Randy Dunlap <randy.dunlap@oracle.com> wrote:
>>>> On Mon, 21 Jun 2010 09:58:16 -0400 Weedy wrote:
>>>>
>>>>> I know grsecurity has a option for this but I don't want to patch my
>>>>> kernel with it at this time. I have been poking around random.c but I
>>>>> can't seem to figure out where .poolsize is assigned it's value and
>>>>> how to increase it.
>>>>>
>>>>> If someone could point it out that would be nice.
>>>>>
>>>>> Thank you for your time.
>>>>> --
>>>>
>>>> Do you mean this one in drivers/char/random.c or something else?
>>>>
>>>> static int sysctl_poolsize = INPUT_POOL_WORDS * 32;
>>>>
>>>> It's a sysctl, so it is tunable.
>>> It's locked, some kind of security risk many kernels ago. I'll try
>>> changing that but I thought I tried it once before.
>>
>> Ah, it's mode is 0444 (read-only).  Sorry I missed that piece.
>> Sure, you could change the mode for your own use (rebuild the kernel).
>
>  # cat /proc/sys/kernel/random/poolsize
> 16384
> cat /proc/sys/kernel/random/entropy_avail
> 4096
>
> I guess there is more to it.
>

Bump