Uhm, no. It's not. Unless the host provides actual entropy
information, you have a security hole.
Huh? We just can't assume it adds entropy. AFAICT rngd -H0 is what we want here.
If we use /dev/random in the host, we risk a DoS. But since /dev/random
is 0666 on my system, perhaps no one actually cares?
There is no point in feeding the host /dev/urandom to the guest (except for seeding, which can be handled through other means); it will do its own mixing anyway.
Seeding is good, but unlikely to be done properly for first boot of some standard virtualized container. In practice, feeding /dev/urandom from the host will make /dev/urandom harder to predict in the guest.
The reason to provide anything at all from the host is to give it "golden" entropy bits.
But you did not address the DoS question: can we ignore it? Or are we trading off a DoS in the host against a potential security weakness in the guest?
If so, how do we resolve it?