This allows a user with the Mapping.Modify privilege on /mapping/hwrng to configure a hardware RNG mapping. A less privileged user with the Mapping.Use privilege can then pass the mapped hardware RNG device as an entropy source to a VirtIO RNG device.
Signed-off-by: Filip Schauer <f.scha...@proxmox.com> --- PVE/API2/Qemu.pm | 5 +++++ PVE/QemuServer.pm | 5 +++++ PVE/QemuServer/RNG.pm | 25 +++++++++++++++++++++++-- 3 files changed, 33 insertions(+), 2 deletions(-) diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm index 8262c9d4..e8567ff3 100644 --- a/PVE/API2/Qemu.pm +++ b/PVE/API2/Qemu.pm @@ -808,9 +808,14 @@ my sub check_rng_perm { my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $value); if ($device->{source}) { + # Backward compatibility for non-mapped /dev/hwrng if ($device->{source} eq '/dev/hwrng') { die "only root can set '$opt' config for a non-mapped Hardware RNG device\n"; } + } elsif ($device->{mapping}) { + $rpcenv->check_full($authuser, "/mapping/hwrng/$device->{mapping}", ['Mapping.Use']); + } else { + die "either 'source' or 'mapping' must be set.\n"; } return 1; diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 606f51fa..4a36e778 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -6606,10 +6606,15 @@ sub check_mapping_access { my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $conf->{$opt}); if ($device->{source}) { + # Backward compatibility for non-mapped /dev/hwrng if ($device->{source} eq '/dev/hwrng') { die "only root can set '$opt' config for a non-mapped Hardware RNG device\n" if $user ne 'root@pam'; } + } elsif ($device->{mapping}) { + $rpcenv->check_full($user, "/mapping/hwrng/$device->{mapping}", ['Mapping.Use']); + } else { + die "either 'source' or 'mapping' must be set.\n"; } } } diff --git a/PVE/QemuServer/RNG.pm b/PVE/QemuServer/RNG.pm index f7a62f3b..ede5ffde 100644 --- a/PVE/QemuServer/RNG.pm +++ b/PVE/QemuServer/RNG.pm @@ -5,6 +5,7 @@ use warnings; use PVE::QemuServer::PCI qw(print_pci_addr); use PVE::JSONSchema; +use PVE::Mapping::HWRNG; use PVE::Tools qw(file_read_firstline); use base 'Exporter'; 
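Review bot: The new `elsif`/`else` chain in check_rng_perm never rejects a property string that sets both `source` and `mapping`: the `source` branch is taken first, only `/dev/hwrng` is refused there, and the mapping is neither permission-checked nor reported, so the API accepts a configuration that parse_rng later discards with a bare undef. Reject the combination explicitly before the chain, `die "'source' and 'mapping' are mutually exclusive\n" if $device->{source} && $device->{mapping};`, so the caller gets a clear error at set time. The same shape appears in check_mapping_access in PVE/QemuServer.pm in the next hunk and should get the identical guard. check_rng_perm's body begins and ends outside the hunk.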
@@ -25,8 +26,15 @@ our $rng_fmt = { ." should be preferred over '/dev/random' to avoid entropy-starvation issues on the" ." host. Using urandom does *not* decrease security in any meaningful way, as it's" ." still seeded from real entropy, and the bytes provided will most likely be mixed" - ." with real entropy on the guest as well. '/dev/hwrng' can be used to pass through" - ." a hardware RNG from the host.", + ." with real entropy on the guest as well.", + }, + mapping => { + optional => 1, + type => 'string', + format_description => 'mapping-id', + format => 'pve-configid', + description => "The ID of a cluster wide mapping. When specified, entropy is gathered from" + ." a hardware RNG on the host. Either this or the default-key 'source' must be set.", }, max_bytes => { type => 'integer', @@ -68,6 +76,9 @@ sub parse_rng { warn $@ if $@; my $source = $res->{source}; + my $mapping = $res->{mapping}; + + return if $source && $mapping; # not a valid configuration return $res; } @@ -93,9 +104,19 @@ sub get_rng_source_path { my ($rng) = @_; my $source = $rng->{source}; + my $mapping = $rng->{mapping}; + + return if $source && $mapping; # not a valid configuration if (defined($source)) { return $source; + } elsif (defined($mapping)) { + my $devices = PVE::Mapping::HWRNG::find_on_current_node($mapping); + die "Hardware RNG mapping not found for '$mapping'\n" if !$devices || !scalar($devices->@*); + die "More than one Hardware RNG mapping per host not supported\n" + if scalar($devices->@*) > 1; + + return $devices->[0]->{path}; } return; -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
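Review bot: The hwrng sentence removed from the `source` description is not replaced by a pointer to the new key, so a user reading the schema no longer learns how to pass through a hardware RNG; end the description with `." with real entropy on the guest as well. Use 'mapping' to pass through a hardware RNG from the host.",`. The `mapping` description says "Either this or the default-key 'source' must be set" but omits that parse_rng rejects both being set, so it should read `... Either this or the default-key 'source' must be set, but not both.`. Whether `source` itself was made `optional` is not visible in this hunk; the `else` branches added in the API and QemuServer hunks presume it was.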
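Review bot: The added `return if $source && $mapping;` in parse_rng drops an invalid configuration silently, so the caller receives undef exactly as if no rng device were configured, whereas the parse failure a few lines above is at least surfaced with `warn $@ if $@;`. Report the rejection in the same style before bailing, `warn "rng: 'source' and 'mapping' are mutually exclusive, ignoring device\n" if $source && $mapping;`, so a misconfiguration is visible in the task log instead of looking like a missing device. The identical silent `return` is repeated in get_rng_source_path in the next hunk; the check belongs in one place, and the second copy could then become a `die` since reaching it means parse_rng was bypassed. sub parse_rng begins outside the hunk.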
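Review bot: `return $devices->[0]->{path};` in get_rng_source_path hands the path stored in the cluster-wide mapping straight to the caller without confirming it is a character device on this node, so a stale or mistyped mapping surfaces only as an opaque QEMU error at VM start. Unless `PVE::Mapping::HWRNG::find_on_current_node` already enforces this (not visible here), resolve the path into a named variable and add `die "hardware RNG mapping '$mapping' points to '$path', which is not a character device\n" if !-c $path;` before returning it. As a style point, `!scalar($devices->@*)` can simply be `!$devices->@*`, matching the boolean use two lines below. The sub ends outside the hunk.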