On Wed, Apr 30, 2014 at 02:10:56PM +0200, Florian Weimer wrote:
> On 04/30/2014 01:14 PM, Daniel P. Berrange wrote:
> >On Tue, Apr 29, 2014 at 08:43:38PM +0200, Florian Weimer wrote:
> >>The message at
> >><https://mail.gnome.org/archives/ostree-list/2014-February/msg00010.html>
> >>contains two boot traces from virtual machines which show that the
> >>SSH key is generated before the kernel pool is sufficiently seeded.
> >
> >I'm wondering if the VMs that ostree is creating are being given a
> >virtio-rng device? If not that would probably be a good idea to
> >enable to allow them to get entropy. VMs are generally starved of
> >entropy even beyond the initial boot up stage, so a virtual RNG is
> >generally useful.
>
> Interesting suggestion. I just used virt-manager to create the VM.
> I don't see any trace for "rng" or "random" in the domain XML file.
> If it is supported, I think it should be enabled by default.

I'm told that it isn't turned on by default, but you can add it to a VM
post-install. Since it feeds VMs from the host's /dev/random or /dev/hwrng,
there was a question mark as to whether it was right to enable it by default
or not, and if so what kind of rate limiting might be wanted by default.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
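
A check for the device discussed in this thread, as an added example that is not part of either message or of libvirt's own code: it parses a libvirt domain XML definition and reports each `<rng>` device, the host source feeding it and its rate limit. The two domain definitions and the function name `audit_rng` are constructed for illustration; the `<rng>`, `<rate>` and `<backend>` elements follow libvirt's domain XML format.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a domain with no RNG device, the situation
# described in the thread for a VM created with default settings.
DOMAIN_WITHOUT_RNG = """
<domain type='kvm'>
  <name>example-vm</name>
  <devices/>
</domain>
"""

# Constructed sample: the same domain with a rate-limited virtio-rng
# device fed from the host's /dev/random.
DOMAIN_WITH_RNG = """
<domain type='kvm'>
  <name>example-vm</name>
  <devices>
    <rng model='virtio'>
      <rate bytes='1024' period='1000'/>
      <backend model='random'>/dev/random</backend>
    </rng>
  </devices>
</domain>
"""

def audit_rng(domain_xml):
    """Return one dict per <rng> device; an empty list means no virtual RNG."""
    root = ET.fromstring(domain_xml)
    found = []
    for rng in root.findall("./devices/rng"):
        backend = rng.find("backend")
        rate = rng.find("rate")
        found.append({
            "model": rng.get("model"),
            "backend_model": backend.get("model") if backend is not None else None,
            "source": (backend.text or "").strip() if backend is not None else None,
            # (bytes, period in ms); libvirt treats a missing period as 1000 ms.
            # None means the guest can drain the host source without a limit.
            "rate_limit": (int(rate.get("bytes")), int(rate.get("period", "1000")))
                          if rate is not None else None,
        })
    return found

if __name__ == "__main__":
    for label, xml in (("without", DOMAIN_WITHOUT_RNG), ("with", DOMAIN_WITH_RNG)):
        print(label, audit_rng(xml) or "no rng device: guest has no host entropy feed")
```

The XML for a running or defined guest can be obtained with `virsh dumpxml` and passed to `audit_rng` as a string.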
