[PATCH] ssh dump: install random-seed from a new location
Vivek Goyal
vgoyal at redhat.com
Tue Jan 14 21:17:48 UTC 2014
On Wed, Dec 25, 2013 at 06:07:39PM +0800, WANG Chao wrote:
[..]
> > > if is_ssh_dump_target; then
> > > - dracut_install /var/lib/random-seed || exit $?
> > > + dracut_install -o /var/lib/random-seed || exit $?
> > > + dracut_install -o /var/lib/systemd/random-seed || exit $?
> >
> > below is better?
> >
> > dracut_install /var/lib/random-seed || dracut_install -o /var/lib/systemd/random-seed || exit $?
>
> Using dracut_install will error out w/o -o option. I think random-seed
> is not essential for ssh dump, we can omit it safely. What do you think
> for below:
>
> dracut_install -o /var/lib/random-seed
> dracut_install -o /var/lib/systemd/random-seed
I am not sure if random seed is optional. I think things will still work
but enough randomness might not be there and it might make for weaker
crypto and might make it little less secure in kdump environemnt.
Before this change, we used dracut install without -o option. That means
random seem was must. So why change behavior now.
How about using following.
if [ -f /var/lib/random-seed ]
dracut_install /var/lib/random-seed || exit $?
elif [ -f /var/lib/systemd/random-seed ]
dracut_install /var/lib/random-seed || exit $?
else
error
Thanks
Vivek
More information about the kexec
mailing list