Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
interfaces: add random interface #3045
Conversation
femdom
added some commits
Mar 17, 2017
All checks have failed
All checks have failed
All checks have failed
All checks have failed
All checks have failed
niemeyer
requested changes
Mar 17, 2017
We can probably name this as simply "random", and include in this interface any random-number generation infrastructure available in the system.
Otherwise, just a few notes:
| + allow-installation: | ||
| + slot-snap-type: | ||
| + - core | ||
| + deny-auto-connection: true |
| +# Description: Allow access to the hardware random number generator device - /dev/hwrng | ||
| + | ||
| +/dev/hwrng rw, | ||
| +/devices/virtual/misc/hw_random rw, |
niemeyer
changed the title from
Adds hw-random interface
to
interfaces: add random interface
Mar 17, 2017
femdom
added some commits
Mar 17, 2017
Some checks were not successful
Some checks were not successful
|
@niemeyer , I fixed the code after your comments. For the some reason tests fail because of timeout. |
niemeyer
requested a review
from
jdstrand
Mar 20, 2017
|
@femdom Thanks. We had some issues last week with test machine contention (too many tests, not enough machines), which resulted in them waiting too much for a machine to be available. Situation is normalized now and I've restarted the test. @jdstrand can you please have a look at this one when you have a moment? |
|
Travis tests passing. |
stolowski
added some commits
Mar 27, 2017
All checks have passed
|
@femdom FYI, I've updated this PR for the latest API changes. |
|
Thanks, @stolowski! Checks passed! |
jdstrand
requested changes
Mar 27, 2017
Several open questions in addition to requested changes.
@niemeyer - you should weigh in on 'hardware-random' vs 'hardware-random-control' and 'hardware-random-observe'.
| + allow-installation: | ||
| + slot-snap-type: | ||
| + - core | ||
| + allow-auto-connection: true |
jdstrand
Mar 27, 2017
•
Edited 1 time
-
jdstrand
Mar 27, 2017
Contributor
-
Mar 27, 2017
I think this should be renamed to hardware-random or even hardware-random-control since random implies /dev/random and /dev/urandom and we already allow access to those by default.
I also think this should be: deny-auto-connection: true since direct access to /dev/hwrng is not normally needed and typically only used by applications such as rng-tools to mix /dev/hwrng into kernel entropy. More importantly, a hardware-specific kernel driver for /dev/hwrng could be implemented in any number of ways including with weak (or non-existent) entropy (the kernel does not perform any fitness tests). Since this interface allows changing the hwrng via sysfs, it is possible to switch out a stronger rng for a weaker one and this is something that should not be auto-connected.
Perhaps this could be broken out into two interfaces:
- hardware-random-observe - read access to relevant files from this PR, manually connected
- hardware-random-control - all of hardware-random-observe plugs write access to /sys/class/misc/hw_random/rng_current for changing the hwrng, manually connected
I would argue that hardware-random-observe would still be a manual connection because the access is not typically needed, the device may not be provided by the kernel and there is no guarantee that the fitness of the device is good (ie, the gadget developer or device owner should decide whether a snap should use /dev/hwrng).
| +) | ||
| + | ||
| +const randomConnectedPlugAppArmor = ` | ||
| +# Description: Allow access to the hardware random number generator device - /dev/hwrng |
jdstrand
Mar 27, 2017
Contributor
Please change this to:
# Description: allow direct access to the hardware random number generator device. Usually,
# the default access to /dev/random is sufficient, but this allows applications such as rng-tools
# to use /dev/hwrng directly or change the hwrng via sysfs. For details, see
# https://www.kernel.org/doc/Documentation/hw_random.txt
| +const randomConnectedPlugAppArmor = ` | ||
| +# Description: Allow access to the hardware random number generator device - /dev/hwrng | ||
| + | ||
| +/dev/hwrng rw, |
zyga
May 8, 2017
Contributor
Done though have a look, I'm not sure if the control-vs-observe split applies here
| +# Description: Allow access to the hardware random number generator device - /dev/hwrng | ||
| + | ||
| +/dev/hwrng rw, | ||
| +/sys/devices/virtual/misc/hw_random rw, |
jdstrand
Mar 27, 2017
Contributor
This is a directory, not a file. This rule should be:
/sys/devices/virtual/misc/ r,
/sys/devices/virtual/misc/hw_random/rng_{available,current} r,
# Allow changing the hwrng
/sys/devices/virtual/misc/hw_random/rng_current w,
The above assumes you actually need write access to /sys/devices/virtual/misc/hw_random/rng_current. Do you?
You should also add this rule:
/run/udev/data/c10:183 r,
|
Understood, thanks. |
|
@femdom - just to be clear, please don't make any changes just yet until these open questions are answered. |
|
Just updating the ticket. Let me know if I can fix addressed issues. |
zyga
added some commits
May 8, 2017
Some checks were not successful
|
I just updated this according to @jdstrand specification. Let me know if there's anything more needed, I can quickly iterate and hopefully land this interface. |
zyga
added some commits
May 8, 2017
All checks have passed
All checks have passed
jdstrand
approved these changes
May 8, 2017
Approving since my feedback is all nitpicks, but please update before committing.
BTW - thanks for the alphabetizing! :)
| +# Description: allow direct access to the hardware random number generator device. Usually, | ||
| +# the default access to /dev/random is sufficient, but this allows applications such as rng-tools | ||
| +# to use /dev/hwrng directly or change the hwrng via sysfs. For details, see | ||
| +# https://www.kernel.org/doc/Documentation/hw_random.txt |
| +/sys/devices/virtual/misc/hw_random/rng_{available,current} r, | ||
| +# Allow changing the hwrng | ||
| +/sys/devices/virtual/misc/hw_random/rng_current w, | ||
| +/run/udev/data/c10:183 r, |
jdstrand
May 8, 2017
Contributor
Can you move this to below /dev/hwrng? It corresponds to that device and this access isn't needed for changing the hwrng. I also like to have blcnks lines before comments in policy, for readability. Eg:
+/dev/hwrng rw,
 +/run/udev/data/c10:183 r,
 +/sys/devices/virtual/misc/ r,
 +/sys/devices/virtual/misc/hw_random/rng_{available,current} r,
+
+# Allow changing the hwrng
 +/sys/devices/virtual/misc/hw_random/rng_current w,
| +} | ||
| + | ||
| +func (iface *HardwareRandomControlInterface) AutoConnect(*interfaces.Plug, *interfaces.Slot) bool { | ||
| + return true |
jdstrand
May 8, 2017
Contributor
Can you add above this 'return' (for consistency with other interfaces):
// Allow what is allowed in the declarations
| +/dev/hwrng r, | ||
| +/sys/devices/virtual/misc/ r, | ||
| +/sys/devices/virtual/misc/hw_random/rng_{available,current} r, | ||
| +/run/udev/data/c10:183 r, |
| +} | ||
| + | ||
| +func (iface *HardwareRandomObserveInterface) AutoConnect(*interfaces.Plug, *interfaces.Slot) bool { | ||
| + return true |
jdstrand
May 8, 2017
Contributor
and add above this 'return':
// Allow what is allowed in the declarations
zyga
added some commits
May 8, 2017
femdom commentedMar 17, 2017
Allow access to the /dev/hwrng device (used in the Raspberry Pi).