Allow users with the Mapping.Use privilege on the /mapping/hwrng path to
configure /dev/hwrng as an entropy source for VirtIO RNG devices.
Signed-off-by: Filip Schauer <f.scha...@proxmox.com>
---
PVE/API2/Qemu.pm | 2 +-
PVE/QemuServer.pm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 2e99bf05..4d6a738d 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -812,7 +812,7 @@ my sub check_rng_perm {
my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $value);
if ($device->{source} && $device->{source} eq '/dev/hwrng') {
- die "only root can set '$opt' config for a non-mapped Hardware RNG
device\n";
+ $rpcenv->check_full($authuser, "/mapping/hwrng", ['Mapping.Use']);
}
return 1;
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 007ff2fc..1d495fa8 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6404,7 +6404,7 @@ sub check_mapping_access {
my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng',
$conf->{$opt});
if ($device->{source} && $device->{source} eq '/dev/hwrng') {
- die "only root can set '$opt' config for a non-mapped Hardware
RNG device\n";
+ $rpcenv->check_full($user, "/mapping/hwrng", ['Mapping.Use']);
}
}
}
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
