Very old OpenSSL versions (e.g., 1.1.0i) are using /dev/urandom to get
entropy while newer ones are using the getrandom syscall that does not
need the device file. In some environments access to the created
/dev/urandom device file may not work (EACCESS; chroot test case) and
then OpenSSL will start failing operations that depend on good entropy.
Therefore, check the status of the random number generator after chroot.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add an option to enter a chroot after starting swtpm. This is useful for
sandboxing purposes. When this option is used, it is expected that swtpm
is started as root and the --runas option is used to subsequently drop
privileges (otherwise the chroot could be escaped).
Signed-off-by: Jennifer Herbert <jennifer.herbert@citrix.com>
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
