3.0 - hardware (/dev/random) based RNG daemon failing in unprivileged container

Host Ubuntu 18.04 / Guest Archlinux Current

Assuming the host is not sharing its entropy with the unprivileged guest container, I tried haveged in the guest, with this result however.

haveged.service: Failed to set up network namespacing: Permission denied
haveged.service: Failed at step NETWORK spawning /usr/bin/haveged: Permission denied

Tried with an Ubuntu guest, and though there is no error output the daemon just stays dead.

Is there perhaps a workaround to provision an entropy daemon in unprivileged containers?

Apparently haveged isn't meant to work in unprivileged containers: "Centos 7.5 container operation not permitted?"


Thank you for the pointer.

Any hardware (/dev/random) based RNG will thus fail in an unprivileged LXC environment.

It would be good to have a paravirtual random number generator available, but I suppose that would need a kernel driver or a resource-sharing wrapper around /dev/random, with tenants limited to a certain share of the data allocation.