Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBE5FC433EF for ; Tue, 11 Jan 2022 10:02:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348386AbiAKKCX (ORCPT ); Tue, 11 Jan 2022 05:02:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237046AbiAKKCU (ORCPT ); Tue, 11 Jan 2022 05:02:20 -0500 Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8438FC06173F; Tue, 11 Jan 2022 02:02:19 -0800 (PST) Received: by mail-io1-xd2a.google.com with SMTP id w22so11101483iov.3; Tue, 11 Jan 2022 02:02:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=YmlpQBVfySpCt/YYkAns1X1WN6EovAoYf8bIgONcDcg=; b=UbBw4wf53T+Uo1yqOpzWKAyMUtWUAKi4Kw19l8W5Z/vlOUelClaC+MlKo+ZuWhb6ei mqT6G9Xz5EMqcwEBnjT40s42YFdURzCnIth2t+ywuB8AvKV2XnFdc4EPTVmockGuJZiD wDOdwAf/IuOocSMpM2Wvfpp7jpumg+G8oHf2fG3cQEfyrh/tDluNESdHlaFs9PJO+ZU1 /82wLNc50v9VRxZyr0alOiw6mGFte4/mV6N0f3rqOujXT5fiTsvcF9gKhBCXBb8m1Y3b L+r/wq8AiXaktdqZbs8Cw+RTwQgqJiGDrDIcXYvSlZouqtGK81V4+VGojseKeBiW5DwQ KPiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=YmlpQBVfySpCt/YYkAns1X1WN6EovAoYf8bIgONcDcg=; b=sNDVC8vQcAcrBzdAHni+wPrHdAUMLR/3bjFbGAWwJehuKhsa6TU+rnETHVmbrvpcns Fs8jBkf19NCHkXlQ6g6f3KLQR9r1A6QqPKmA7Q/gjnrCThLSkywDpeUKUlvdxswdGEs/ fppZmCZ7M5krdlfjL4xdyNdUhKwNrD3xDIJHnpsXeik7SBUjEKrukuAXuSL0i64W7uSi mbwoRdZP0aKxX7twI7Awq9baeWq9etr4i2NT2wId9Ii6Yi0pYI+4lYum0TQdyOvGw2bi bSoAWkY5L41Dh4usl00/3QmCxh/h2gqJR3jrjo64ON84a4olA54kmiuqqSjt6PU4REqI A0UQ== X-Gm-Message-State: AOAM53264oepa6sTVF+DgEQWYoUuj0h5x9tel7j9XTgLQLNvpFcof7Sb Bjs1nh3dg1YbSMhiRYwOHi2/v5BqLV5JkrHs+0M= X-Google-Smtp-Source: ABdhPJyPov8/v7hiYlAGc60n72Zio2+eWIijGDHfzGsLcCrojJoeESesdRdL+54CVKalEgzaE0uQTZ74cpxlyVPkLGY= X-Received: by 2002:a05:6638:251:: with SMTP id w17mr1836768jaq.315.1641895338977; Tue, 11 Jan 2022 02:02:18 -0800 (PST) MIME-Version: 1.0 References: <20220111041349.GA5542@srcf.ucam.org> In-Reply-To: <20220111041349.GA5542@srcf.ucam.org> From: "Alexander E. Patrakov" Date: Tue, 11 Jan 2022 15:01:42 +0500 Message-ID: Subject: Re: [PATCH v43 01/15] Linux Random Number Generator To: Matthew Garrett Cc: "Theodore Ts'o" , Andy Lutomirski , "Jason A. Donenfeld" , Marcelo Henrique Cerri , Simo Sorce , Greg Kroah-Hartman , Jeffrey Walton , Stephan Mueller , Linux Crypto Mailing List , Willy Tarreau , Nicolai Stange , Linux Kernel Mailing List , Arnd Bergmann , "Eric W. Biederman" , "Ahmed S. Darwish" , Vito Caputo , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , zhangjs , Florian Weimer , Lennart Poettering , Peter Matthias , Neil Horman , Randy Dunlap , Julia Lawall , Dan Carpenter , Andy Lavr , Petr Tesarik , John Haxby , Alexander Lobakin , Jirka Hladky , Eric Biggers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org (resending without HTML this time, sorry for a possible duplicate) =D0=B2=D1=82, 11 =D1=8F=D0=BD=D0=B2. 2022 =D0=B3. =D0=B2 09:13, Matthew Gar= rett : > The goal is to identify a solution that avoids the enterprise kernels > needing to do their own thing. They're in a position to globally > LD_PRELOAD something to thunk getrandom() to improve compatibility if > they want to, and they're also able to define the expected level of > breakage if you enable FIPS mode. An approach that allows a single > kernel to provide different policies in different contexts (eg, > different namespaces could have different device nodes providing > /dev/random) makes it easier to configure that based on customer > requirements. LD_PRELOAD is not a solution because of containers (that need to be modified to make use of the preloadable library) and statically-linked binaries. --=20 Alexander E. Patrakov