alt Hacker News/dev/[u]random is actually a CSPRNG. it uses a cryptographic hash function to mix in every drop of randomness accessible to the kernel. predicting it without compromising the kernel entails predicting all the randomness that went into it, past a certain point you are better off bruteforcing the internal state directly and that's intractable.
the greatest danger is right after boot where it's possible the kernel didn't have enough randomness to mix in yet. not as much of an issue on modern systems.
which is why periodically the kernel updates an entropy file on disk which is used on reboot as extra seed
cloning/snapshotting VMs might have entropy problems, but a proper VM manager will also inject entropy into the VM on boot