Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp696796iob; Tue, 3 May 2022 07:51:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyf6IVbRcR5Pga09nVTCuEb+bH5vKqcUV+RGMmJ6dfQqN3lgpKEmnoIGgiSgY5Yt3D+yg7e X-Received: by 2002:a05:6402:296:b0:427:e497:29ef with SMTP id l22-20020a056402029600b00427e49729efmr3456190edv.399.1651589478005; Tue, 03 May 2022 07:51:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651589477; cv=none; d=google.com; s=arc-20160816; b=DoaRgJpC75fSn0fJRlV2h29p4cWl77dSug/zV6Fl9tKC//cj217Dxk2GaQAh9rpLjf VQdEUA5KcbtZIW54YJjjDYoUc33xjf35U2Pb/HSn8TOjgHAcLSuiUi57wEv+wDhZE02K gCrdzF29GRK30Xv2Vnf/QpnGNZDGyM78/+i8nTAA1dAXCAj3uwaojMh5qQSGRkVDczJU 7Z4X5RzQ1x4Nsm9wpHheFZtbc9wAt9GztIGhMZ8HTL1IzLQvymAoSwxyqdWZRhRr69sh nqIdsiY9IM8dFln66YpaYW+1cgXbCcKrOLVXKD+Z8VG6c3NEvmZW2565XPfxFTi0wSoy yJdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=1+nSfhTng5nR6ShSHNZz9R80FgbRQyRLFa0yJ5I/sXY=; b=QGhVtHCBbWFR/Ne4l9Hcah7umbZZ3lWZLnWYhROD/AyT63Wbfx1AM7QdezkoCgttIp iIzFzVVdtTmA++ydtL1EgcMsRVwUEvPdyMGSL5lBH6rJsrRk1KvtLtVPFxp1Hh7H5cU5 8exNHNxsLOFdvmqk+VW92vCudYyCPoEC33WuhbP6uVUkrPS2oxwHIAZld8ymslFIv5hE 068niO5mG7CEqpNNmEDuj9hrL5Co+4Y/3PKJ8zv9dOTZMWzFAs8tG3O0pTAqk8hNS5k4 pezuSPATWQ+dPvuPfcX0dN9AGLGJvyhgnNBS/8XxDCdVAIzIfSOTHnq/RkA/jbPDYuQi GJiQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u11-20020aa7db8b000000b00424085b80c5si13468947edt.215.2022.05.03.07.50.53; Tue, 03 May 2022 07:51:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235482AbiECMqg (ORCPT + 99 others); Tue, 3 May 2022 08:46:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233245AbiECMqe (ORCPT ); Tue, 3 May 2022 08:46:34 -0400 Received: from gardel.0pointer.net (gardel.0pointer.net [IPv6:2a01:238:43ed:c300:10c3:bcf3:3266:da74]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 033EF1CB05; Tue, 3 May 2022 05:43:01 -0700 (PDT) Received: from gardel-login.0pointer.net (gardel-mail [85.214.157.71]) by gardel.0pointer.net (Postfix) with ESMTP id 068E7E804AA; Tue, 3 May 2022 14:43:00 +0200 (CEST) Received: by gardel-login.0pointer.net (Postfix, from userid 1000) id 89B62160062; Tue, 3 May 2022 14:42:59 +0200 (CEST) Date: Tue, 3 May 2022 14:42:59 +0200 From: Lennart Poettering To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, Dominik Brodowski , Greg Kroah-Hartman , Theodore Ts'o , Alexander Graf , Colm MacCarthaigh , Torben Hansen , Jann Horn Subject: Re: [PATCH 2/2] random: add fork_event sysctl for polling VM forks Message-ID: References: <20220502140602.130373-1-Jason@zx2c4.com> <20220502140602.130373-2-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Di, 03.05.22 12:07, Jason A. Donenfeld (Jason@zx2c4.com) wrote: > I wouldn't be so sure here... Some people have processes around, "always > start out from the same place", like for build machines, and employ a > single VM snapshot that's always rewound after use. It's never forked > into multiple snapshots, but just always goes back to that same starting > point. At sometimes it's futile phantasizing which exotic usecases people might have. > > > >From the perspective of randomness, both of these events imply the same > > > thing. The situation is BAD; reseed immediately. From the perspective of > > > MAC addresses, though, these events would imply different behavior, > > > right? So it seems like vmgenid might need an additional field for this > > > use case. Relatedly, VMware has that prompt where you select about your > > > VM whether, "I moved it" or "I copied it." Presumably something like > > > that would play a part in what is decided as part of this hypothetical > > > second field. > > > > networkd doesn't change MAC addresses in the middle of everything, but > > only when a network interface is downed and upped again. This for > > example happens when a link beat goes away and comes back. In the > > rewind-2min case i'd assume the link beat would probably be restored > > to what it was 2min ago (and thus stay online), but in the clone case > > it would probably drop momentarily and be restored than, to tell > > software to reacquire dhcp and so on. > > That sounds like it's going to be sort of confusing. Let's say we've got > some VM scenario in which rewinds are common due to whatever weird > process (such as a build machine that wants to start out at the same > place each time). During its course of execution, it reboots, or maybe > there's some network connectivity issue and the link goes down. In that > case, when the link comes up, it's going to have a different MAC > address? That doesn't make much sense to me, but maybe I'm missing some > bigger picture detail. It's still better than sticking to the same MAC address for all clones in all cases... Dunno, in systemd the MAC address policies are configurable, for a reason. We'll never find a default that really makes everyone happy. Some people prefer the anonmymity of randomized MAC addresses, others like the stability promises of hashed MAC addresses. We support both policies. I think it would make sense to add a policy that says "stable MAC until the first clone, then random" for example. In fact I think it's a choice that has the chance of being a better default than the current "always stable" approach we employ. So at the very least we should have the option to come up with a policy taking vm generations into account, it's a separate discussion to decide whether to make it opt-in or the default then, and I doubt that part of the discussion really matters here... Lennart -- Lennart Poettering, Berlin