[lxc-devel] [PATCH] hwaddr templating

Serge Hallyn serge.hallyn at ubuntu.com
Mon Jan 6 23:59:00 UTC 2014


Quoting lxc at zitta.fr (lxc at zitta.fr):
> 
> On 06/01/2014 20:01, Serge Hallyn wrote:
> > Quoting Kent R. Spillner (kspillner at acm.org):
> >> On Mon, Jan 06, 2014 at 01:54:14PM +0100, Guillaume ZITTA wrote:
> >>> This change also introduces a common randinit() function that could be
> >>> used to initialize the random generator.
> >> Is there any reason to always prefer libc rand() over /dev/urandom?
> >> I realize the strength of the random numbers in this particular
> >> case probably isn't that important but if you want this randinit()
> >> to be more generally useful then perhaps it makes sense to change a
> >> few things now:
> I first tried with a simple srand(time) and created a container with 3 NICs
> => 3 identical hwaddrs :-(
> A minimal strength is necessary.
> >>> +void randinit(void)
> >>> +{
> >>> +    /*
> >>> +    srand pre-seed function based on /dev/urandom
> >>> +    */
> >>> +    FILE *f;
> >>> +    process_lock();
> >>> +    f = fopen("/dev/urandom", "r");
> >>> +    process_unlock();
> >>> +    if (f) {
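Review bot: fopen("/dev/urandom", "r") at the top of randinit() returns a fully buffered stdio stream, so the single fread() of sizeof(seed) bytes that follows makes libc pull a whole stdio buffer from the device rather than just those bytes, which matters given the entropy-pool concern raised in this thread. Either call setvbuf(f, NULL, _IONBF, 0) right after the fopen() succeeds, or use open()/read()/close() for a read this small.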
> >> When will this ever fail on Linux?  Does Android provide /dev/urandom?
> > For one thing, when you're in a nested container and not allowed
> > to read /dev/urandom :)

> It works in a simple container, why not in a nested one? (if the cgroup allows it)

Because cgroup can disallow it :)

> >>> +        unsigned int seed;
> >>> +        int ret = fread(&seed, sizeof(seed), 1, f);
> >>> +        if (ret != 1)
> >>> +            seed = time(NULL);
> >>> +        process_lock();
> >>> +        fclose(f);
> >>> +        process_unlock();
> >>> +        srand(seed);
> >>> +    } else
> >>> +        srand(time(NULL));
> >>> +}
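Review bot: both fallbacks, seed = time(NULL) after a short fread() and srand(time(NULL)) in the else branch, give every caller within the same second the same seed, and nothing stops randinit() from being called again and re-seeding, which is the identical-hwaddr case reported earlier in this thread. Mix getpid() into the fallback seed and guard the function so it seeds only once per process. Also, fread() returns size_t, so ret should not be an int, and the else branch should get braces to match the if.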
> >> When reading this diff it just felt a little strange that when /dev/urandom
> >> is working we still only read one byte from it just to seed libc rand().
> >> What if instead of randinit() you introduced a new function that fills a
> >> buffer with the requested number of random ints, e.g.:
> > Do we need to worry about draining the entropy pool?  Keeping in
> > mind that unprivileged containers are now a reality...

> If we don't have access to /dev/urandom:
> What is the alternative to generate more than 1 address in 1 second?
> The problem is that 2 parallel launches of lxc-create will generate the same
> hwaddr.
> 
> Can srand(time(NULL)+getpid()+nicnumber) limit the chances of collisions?

Yeah that should be fine.

(Or you might just make sure to only call srand() once, so that getpid() is
enough and you can skip nicnumber)

-serge
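
The approach agreed at the end of this message (seed once per process, fall back to time plus pid when /dev/urandom is unreadable), as an added example; it is not code from the patch or from LXC. The names `fallback_seed`, `seed_once` and `rand_hwaddr` and the `02:00:00` prefix are hypothetical, chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Fallback seed suggested in the thread: time(NULL) + getpid(). */
static unsigned int fallback_seed(time_t now, pid_t pid)
{
    return (unsigned int)now + (unsigned int)pid;
}

/* Seed rand() once per process (not thread-safe); returns 1 if it seeded. */
static int seed_once(void)
{
    static int seeded;
    unsigned int seed = fallback_seed(time(NULL), getpid()), r;
    int fd;

    if (seeded)
        return 0;
    fd = open("/dev/urandom", O_RDONLY); /* may be denied in a container */
    if (fd >= 0) {
        if (read(fd, &r, sizeof(r)) == (ssize_t)sizeof(r))
            seed = r; /* unbuffered read: only sizeof(r) bytes consumed */
        close(fd);
    }
    srand(seed);
    seeded = 1;
    return 1;
}

/* Format one address; the 02:00:00 prefix is a constructed sample value. */
static void rand_hwaddr(char buf[18])
{
    seed_once();
    snprintf(buf, 18, "02:00:00:%02x:%02x:%02x",
             rand() % 256, rand() % 256, rand() % 256);
}

int main(void)
{
    char mac[18];
    for (int i = 0; i < 3; i++) { /* three NICs, seeded once */
        rand_hwaddr(mac);
        puts(mac);
    }
    return 0;
}
```

Because the seed is set only once, successive addresses come from successive rand() draws instead of repeating the first draw of a freshly seeded sequence.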

