author | Mike Frysinger <vapier@chromium.org> | 2018-01-18 01:21:46 -0500 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-01-18 17:40:52 -0800 |
commit | e56e045b18259399b424a0dd2cb8c53309478b71 (patch) | |
tree | 48e21762bf37e472f682f0b85d34542546ede97b /devices/src/virtio/rng.rs | |
parent | d48d7f10b56e74296eb065de995a23f1c6173547 (diff) | |
rng: switch to /dev/urandom
There's no need to provide direct access to /dev/random to all guests, and we don't want them to be able to drain entropy from other VMs and from the host itself. BUG=chromium:800520 TEST=precq passes Change-Id: I94ea0755123ee7479ca83c07525ca870d42c637f Reviewed-on: https://chromium-review.googlesource.com/872890 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org>
Diffstat (limited to 'devices/src/virtio/rng.rs')
-rw-r--r-- | devices/src/virtio/rng.rs | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/devices/src/virtio/rng.rs b/devices/src/virtio/rng.rs
index da5d40b..7bf6410 100644
--- a/devices/src/virtio/rng.rs
+++ b/devices/src/virtio/rng.rs
@@ -19,7 +19,7 @@ const QUEUE_SIZES: &'static [u16] = &[QUEUE_SIZE];
 
 #[derive(Debug)]
 pub enum RngError {
- /// Can't access /dev/random
+ /// Can't access /dev/urandom
 AccessingRandomDev(io::Error),
 }
 pub type Result<T> = std::result::Result<T, RngError>;
@@ -110,9 +110,9 @@ pub struct Rng {
 }
 
 impl Rng {
- /// Create a new virtio rng device that gets random data from /dev/random.
+ /// Create a new virtio rng device that gets random data from /dev/urandom.
 pub fn new() -> Result<Rng> {
- let random_file = File::open("/dev/random")
+ let random_file = File::open("/dev/urandom")
 .map_err(RngError::AccessingRandomDev)?;
 Ok(Rng {
 kill_evt: None,
|
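Review bot: The reason for choosing /dev/urandom is recorded only in the commit message, so the `File::open("/dev/urandom")` line in `Rng::new` (second hunk) gives a later reader no hint that the blocking device was dropped on purpose. I would add a comment above it such as `// /dev/urandom on purpose: guests must not be able to drain the host's blocking entropy pool.` It may also be worth noting there that /dev/urandom never blocks, so on a host whose kernel RNG is not yet seeded (very early boot) the guest could be fed weak output; whether crosvm can start that early is not visible from this hunk. The body of `Rng::new` continues past the end of the hunk.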