Is there any reasons as to not randomize the machine-id?
Would it break systemd and or tirdad for example?
I see that Whonix and Kicksecure both set the machine-id as:
b08dfa6083e7567a1921a715000001fb
Could something like dbus-uuidgen --ensure=/etc/machine-id or systemd-machine-id-setup be used on startup to create new machine each boot without issue?
Could be similar but much less importance. Could argue machine-id should be unique per system (Debian default). Can be considered once someone runs into an issue which requires this.
I haven’t had any issues that I can tell with this generating each boot on Kicksecure:
So does machine-id ever get sent over the network?
Also does the current AppArmor profiles for Kicksecure/Whonix block access to this file for default applications?
And also on the topic of sandbox does the AppArmor profiles block access to /sys/class/net/*/address where the real MAC Adress is listed?
Otherwise: Unknown. Unspecific to Kicksecure. → Potential Solutions Beyond Kicksecure!
Yeah I get that is more about this maybe as a feature exlusive to Kicksecure is what was getting at…I see was discussed in the Whonix forum, my only opinion is I feel that most identifiers should be randomized if possible.
Well I’m just glad your fair and reasonable when it comes to these type of things.
Gonna look more into this as someone mentioned journald logs could be an issue.
Like I said I haven’t had any issues with -M flag mentioned above when randomizing my machine-id every boot on one of my installs (bare metal).
Also mentioned by HulaHoop on the whonix forum thread about machine-id, I wonder if and how KERNEL_INSTALL_MACHINE_ID= could be used?