Re: [PATCH v43 01/15] Linux Random Number Generator

From: Alexander E. Patrakov
Date: Tue Jan 11 2022 - 05:02:23 EST


(resending without HTML this time, sorry for a possible duplicate)
On Tue, 11 Jan 2022 at 09:13, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
> The goal is to identify a solution that avoids the enterprise kernels
> needing to do their own thing. They're in a position to globally
> LD_PRELOAD something to thunk getrandom() to improve compatibility if
> they want to, and they're also able to define the expected level of
> breakage if you enable FIPS mode. An approach that allows a single
> kernel to provide different policies in different contexts (eg,
> different namespaces could have different device nodes providing
> /dev/random) makes it easier to configure that based on customer
> requirements.

LD_PRELOAD is not a solution because of containers (that need to be
modified to make use of the preloadable library) and statically-linked
binaries.

--
Alexander E. Patrakov