Post 9vmAO0KOAOKFcKNe3U by yarmo@fosstodon.org
 (DIR) Post #9vlmX96eV4L2Y7mVWK by yarmo@fosstodon.org
       2020-06-05T10:17:29Z
       
       1 likes, 2 repeats
       
       Blog post about my adventure last night debugging #docker and #entropy https://yarmo.eu/blog/missing-entropy
       
 (DIR) Post #9vm8PxIeCDkmteMuHI by dirkolmes@mastodon.social
       2020-06-05T14:22:41Z
       
       0 likes, 0 repeats
       
       @yarmo it would be interesting to know which part of Docker requires so much entropy and if Docker could be configured to use /dev/urandom instead.
       
 (DIR) Post #9vm8xxYpjREnYI9bAe by yarmo@fosstodon.org
       2020-06-05T14:28:51Z
       
       0 likes, 0 repeats
       
       @dirkolmes "which part": have been trying to figure out, not succeeded yet, could also be container specific
       "use /dev/urandom" that's a cool idea! But in my case, it was the system entropy pool that was depleted, so wouldn't have mattered here
       
 (DIR) Post #9vm96fA1VqFb5ihPTE by dirkolmes@mastodon.social
       2020-06-05T14:30:26Z
       
       0 likes, 0 repeats
       
       @yarmo hmm but doesn’t /dev/random use the entropy pool?
       
 (DIR) Post #9vm9UrrpvAZRRyja0u by yarmo@fosstodon.org
       2020-06-05T14:34:48Z
       
       0 likes, 0 repeats
       
       @dirkolmes yes, indeed! Sorry, I wasn't clear. Or maybe I'm misunderstanding you.
       What I meant was: I ran `cat /proc/sys/kernel/random/entropy_avail` on the host system and that was depleted. Since Docker (the service) is run on the host, it already uses /dev/random. I thought you meant you wanted to try to make a Docker container use the host's /dev/random. Right? That would be cool... And possibly already happening since a container is not a VM... Need to research!
       
 (DIR) Post #9vm9ovKAmGo1xoYGFk by dirkolmes@mastodon.social
       2020-06-05T14:38:25Z
       
       0 likes, 0 repeats
       
       @yarmo no I meant that Docker (the service) could be configured to use /dev/urandom
       Thinking a bit more about it now it could also be the container that exhausts the host’s random pool.
       
 (DIR) Post #9vm9qHbRQqWxLhHEpc by yarmo@fosstodon.org
       2020-06-05T14:38:41Z
       
       0 likes, 0 repeats
       
       @dirkolmes https://stackoverflow.com/questions/52699235/how-are-requests-to-dev-urandom-etc-handled-in-docker
       This does seem to confirm that indeed, because kernel is shared, host and containers use the same entropy pool and therefore /dev/random
       
 (DIR) Post #9vmA1O8tSU5QogDfUW by yarmo@fosstodon.org
       2020-06-05T14:40:41Z
       
       0 likes, 0 repeats
       
       @dirkolmes https://discuss.linuxcontainers.org/t/attach-host-dev-random-to-container-dev-random/5175
       Second confirmation
       
 (DIR) Post #9vmAO0KOAOKFcKNe3U by yarmo@fosstodon.org
       2020-06-05T14:44:45Z
       
       0 likes, 0 repeats
       
       @dirkolmes
       > Thinking a bit more about it now it could also be the container that exhausts the host’s random pool
       That's what I think is happening. And when I use caddy which needs to generate certificates, I think that's really killing the host's random pool
       
 (DIR) Post #9vmHqYwDmOYOkKdnWq by dirkolmes@mastodon.social
       2020-06-05T16:08:21Z
       
       0 likes, 0 repeats
       
       @yarmo ok now it makes sense. It would be up to the software inside the container to use /dev/urandom which is nothing you can change easily.