[pve-devel] [PATCH manager/qemu-server v4 0/9] fix #5657: allow configuring RNG device as non-root user

Tue, 18 Feb 2025 03:12:21 -0800 

Allow users with the VM.Config.HWType privilege to configure VirtIO RNG
devices on VMs with either /dev/urandom or /dev/random as the entropy
source. Users with the Mapping.Use privilege on the /mapping/hwrng ACL
path may also configure /dev/hwrng as an entropy source.

Changes since v3:
* Remove hardware RNG resource mapping and introduce /mapping/hwrng ACL
  path instead
* Split some changes into separate commits

Changes since v2:
* Restrict RNG device format to enum of
* Add descriptive commit message
* Code style fixes
* Remove outdated remarks about entropy stravation of /dev/random
* Split helpers for VirtIO RNG command line arguments into its own
  commit
* Add explicit "use PVE::QemuServer::RNG;" statement to PVE/API2/Qemu.pm
* Fix "map: type check ('array') failed" error when adding a mapping in
  the UI
* ui: split resource mapping types into tabbed views

Changes since v1:
* Restrict use of /dev/hwrng to the root user
* introduce hardware RNG mapping

qemu-server:

Filip Schauer (6):
  remove outdated /dev/random entropy-starvation warnings
  refactor: move rng related code into its own module
  add helpers for VirtIO RNG command line arguments
  refactor: check_mapping_access: move root user check to the top
  allow non-root users to set /dev/u?random as an RNG source
  allow non-root users to set /dev/hwrng as an RNG source

 PVE/API2/Qemu.pm        |  29 ++++++++++
 PVE/QemuServer.pm       |  95 +++++++-------------------------
 PVE/QemuServer/Makefile |   1 +
 PVE/QemuServer/RNG.pm   | 116 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 164 insertions(+), 77 deletions(-)
 create mode 100644 PVE/QemuServer/RNG.pm


pve-manager:

Filip Schauer (3):
  ui: remove warning about entropy starvation of /dev/random
  ui: permissions: add ACL path for hardware RNG
  ui: let non-root users configure VirtIO RNG devices

 www/manager6/data/PermPathStore.js |  1 +
 www/manager6/qemu/HardwareView.js  |  9 ++++-----
 www/manager6/qemu/RNGEdit.js       | 13 -------------
 3 files changed, 5 insertions(+), 18 deletions(-)


Summary over all repositories:
  7 files changed, 169 insertions(+), 95 deletions(-)

-- 
Generated by git-murpp 0.6.0


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to