[pve-devel] [PATCH manager v4 9/9] ui: let non-root users configure VirtIO RNG devices

Tue, 18 Feb 2025 03:12:17 -0800 

Allow non-root users with the VM.Config.HWType privilege to configure
/dev/urandom & /dev/random as an entropy source for a VirtIO RNG device.
Users with the Mapping.Use privilege on the /mapping/hwrng ACL path may
also configure /dev/hwrng as an entropy source.

Signed-off-by: Filip Schauer <f.scha...@proxmox.com>
---
 www/manager6/qemu/HardwareView.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/www/manager6/qemu/HardwareView.js 
b/www/manager6/qemu/HardwareView.js
index c6d193fc..af6df8cd 100644
--- a/www/manager6/qemu/HardwareView.js
+++ b/www/manager6/qemu/HardwareView.js
@@ -315,8 +315,8 @@ Ext.define('PVE.qemu.HardwareView', {
        rows.rng0 = {
            group: 45,
            tdCls: 'pve-itype-icon-die',
-           editor: caps.nodes['Sys.Console'] ? 'PVE.qemu.RNGEdit' : undefined,
-           never_delete: !caps.nodes['Sys.Console'],
+           editor: caps.vms['VM.Config.HWType'] || 
caps.mapping.hwrng['Mapping.Use'] ? 'PVE.qemu.RNGEdit' : undefined,
+           never_delete: !caps.vms['VM.Config.HWType'] && 
!caps.mapping.hwrng['Mapping.Use'],
            header: gettext("VirtIO RNG"),
        };
 
@@ -588,7 +588,6 @@ Ext.define('PVE.qemu.HardwareView', {
            });
 
            // heuristic only for disabling some stuff, the backend has the 
final word.
-           const noSysConsolePerm = !caps.nodes['Sys.Console'];
            const noHWPerm = !caps.nodes['Sys.Console'] && 
!caps.mapping['Mapping.Use'];
            const noVMConfigHWTypePerm = !caps.vms['VM.Config.HWType'];
            const noVMConfigNetPerm = !caps.vms['VM.Config.Network'];
@@ -601,7 +600,7 @@ Ext.define('PVE.qemu.HardwareView', {
            me.down('#addAudio').setDisabled(noVMConfigHWTypePerm || 
isAtLimit('audio'));
            me.down('#addSerial').setDisabled(noVMConfigHWTypePerm || 
isAtLimit('serial'));
            me.down('#addNet').setDisabled(noVMConfigNetPerm || 
isAtLimit('net'));
-           me.down('#addRng').setDisabled(noSysConsolePerm || 
isAtLimit('rng'));
+           me.down('#addRng').setDisabled(noVMConfigHWTypePerm || 
isAtLimit('rng'));
            efidisk_menuitem.setDisabled(noVMConfigDiskPerm || 
isAtLimit('efidisk'));
            me.down('#addTpmState').setDisabled(noVMConfigDiskPerm || 
isAtLimit('tpmstate'));
            me.down('#addCloudinitDrive').setDisabled(noVMConfigCDROMPerm || 
noVMConfigCloudinitPerm || hasCloudInit);
@@ -745,7 +744,7 @@ Ext.define('PVE.qemu.HardwareView', {
                                text: gettext("VirtIO RNG"),
                                itemId: 'addRng',
                                iconCls: 'pve-itype-icon-die',
-                               disabled: !caps.nodes['Sys.Console'],
+                               disabled: !caps.vms['VM.Config.HWType'] && 
!caps.mapping.hwrng['Mapping.Use'],
                                handler: editorFactory('RNGEdit'),
                            },
                        ],
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to