Assuming the host is not sharing its entropy with the unprivileged guest container, I tried haveged in the guest, with this result however:
haveged.service: Failed to set up network namespacing: Permission denied
haveged.service: Failed at step NETWORK spawning /usr/bin/haveged: Permission denied
Tried with an Ubuntu guest, and though there is no error output, the daemon just stays dead.
Is there perhaps a workaround to provision an entropy daemon in unprivileged containers?
Any hardware (/dev/random) based RNG will fail in an unprivileged LXC environment thus.
Would be good to have a paravirtual random number generator available, but suppose that would need a kernel driver or a resource sharing wrapper around /dev/random, with tenants limited to a certain share of allocation of data.