From 459e7841473d7b6343d29091ba98b43afbb0aa6c Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Wed, 15 Dec 2021 16:07:14 +0100
Subject: MovePauseProcessToScope do not seed everytime

Instead of using math/rand we can use crypto/rand which we do not have
to seed. crypto/rand uses getrandom(2)
Also instead of adding an int to the scope name we add a 4 byte hex
string.

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 utils/utils.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/utils/utils.go b/utils/utils.go
index 241e361cd..45cec2c5f 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -2,16 +2,15 @@ package utils
 
 import (
 	"bytes"
+	"crypto/rand"
 	"fmt"
 	"io"
 	"io/ioutil"
-	"math/rand"
 	"os"
 	"os/exec"
 	"strconv"
 	"strings"
 	"sync"
-	"time"
 
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/podman/v3/libpod/define"
@@ -205,10 +204,14 @@ func moveProcessToScope(pidPath, slice, scope string) error {
 func MovePauseProcessToScope(pausePidPath string) {
 	var err error
 
-	state := rand.New(rand.NewSource(time.Now().UnixNano()))
 	for i := 0; i < 10; i++ {
-		r := state.Int()
-		err = moveProcessToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%d.scope", r))
+		randBytes := make([]byte, 4)
+		_, err = rand.Read(randBytes)
+		if err != nil {
+			logrus.Errorf("failed to read random bytes: %v", err)
+			continue
+		}
+		err = moveProcessToScope(pausePidPath, "user.slice", fmt.Sprintf("podman-pause-%x.scope", randBytes))
 		if err == nil {
 			return
 		}
-- 
cgit v1.2.3-54-g00ecf