[pve-devel] [PATCH container v2 3/4] config: support printing a device

Signed-off-by: Filip Schauer --- src/PVE/LXC/Config.pm | 6 ++ 1 file changed, 6 insertions(+) diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm index 0740e8c..555767f 100644 --- a/src/PVE/LXC/Config.pm +++ b/src/PVE/LXC/Config.pm @@ -1364,6 +1364,12 @@ sub print_volume

Re: [pve-devel] [PATCH container 0/3] implement device hotplug

Superseded by: https://lore.proxmox.com/pve-devel/20250423125640.88756-1-f.scha...@proxmox.com/T On 16/12/2024 18:21, Filip Schauer wrote: Filip Schauer (3): extract apparmor profile & namespace switch to its own helper config: support printing a device implement device hotplug

[pve-devel] [PATCH container v2 4/4] implement device hotplug

This only includes adding devices to a running container. Removing or editing existing devices is still not implemented. Signed-off-by: Filip Schauer --- src/PVE/LXC.pm| 74 ++- src/PVE/LXC/Config.pm | 19 +++ 2 files changed, 92

[pve-devel] [PATCH container v2 0/4] implement device hotplug

For now this only includes adding devices to a running container. (not removing or editing existing devices) Changes since v1: * Reduce code repetition between lxc-pve-prestart-hook and device_passthrough_hotplug by extracting passthrough device node creation to a helper. Filip Schauer (4

[pve-devel] [PATCH container v2 1/4] extract apparmor profile & namespace switch to a helper

Signed-off-by: Filip Schauer --- src/PVE/LXC.pm | 71 +- 1 file changed, 41 insertions(+), 30 deletions(-) diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index a58c997..d929608 100644 --- a/src/PVE/LXC.pm +++ b/src/PVE/LXC.pm @@ -2010,15 +2010,42

[pve-devel] [PATCH container v2 2/4] extract passthrough device node creation to a helper

Signed-off-by: Filip Schauer --- src/PVE/LXC.pm| 29 + src/lxc-pve-prestart-hook | 21 + 2 files changed, 30 insertions(+), 20 deletions(-) diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index d929608..d985b88 100644 --- a/src/PVE/LXC.pm

[pve-devel] [PATCH manager 10/12] accept .tar.lzo ct templates in the storage upload dialog

.tar.lzo container templates are already explicitly supported in PVE::LXC::Create::restore_tar_archive Signed-off-by: Filip Schauer --- www/manager6/window/UploadToStorage.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/manager6/window/UploadToStorage.js b/www

[pve-devel] [PATCH manager 08/12] vzdump: add support for xz compression

Signed-off-by: Filip Schauer --- PVE/VZDump.pm | 7 +++ www/manager6/form/BackupCompressionSelector.js | 1 + 2 files changed, 8 insertions(+) diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm index 06a887a3..0b99f88d 100644 --- a/PVE/VZDump.pm +++ b/PVE/VZDump.pm

[pve-devel] [PATCH vma-to-pbs 11/12] add support for bzip2 compressed VMA files

This aligns with the PVE::Storage::BACKUP_EXT_RE_2 regex Signed-off-by: Filip Schauer --- src/main.rs| 3 ++- src/vma2pbs.rs | 6 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index 59bc40b..5d7c3bf 100644 --- a/src/main.rs +++ b/src/main.rs

[pve-devel] [PATCH guest-common 05/12] vzdump: add support for xz compression

Signed-off-by: Filip Schauer --- src/PVE/VZDump/Common.pm | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/PVE/VZDump/Common.pm b/src/PVE/VZDump/Common.pm index 9e13faf..1e65047 100644 --- a/src/PVE/VZDump/Common.pm +++ b/src/PVE/VZDump/Common.pm @@ -158,7 +158,7

[pve-devel] [PATCH storage 03/12] align supported compression formats for templates and backups

Make the supported compression formats consistent across templates and backups. Specifically this enables the use of .tar.lzo container templates. This is already explicitly supported in PVE::LXC::Create::restore_tar_archive Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 2 +- 1 file

[pve-devel] [PATCH vma-to-pbs 12/12] add support for xz compressed VMA files

Signed-off-by: Filip Schauer --- src/main.rs| 3 ++- src/vma2pbs.rs | 6 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index 5d7c3bf..03dd64f 100644 --- a/src/main.rs +++ b/src/main.rs @@ -254,7 +254,7 @@ fn parse_args() -> Result {

[pve-devel] [PATCH storage 02/12] add support for xz compressed VM and container backups

Add support for xz compressed VMA files and allow the use of xz compressed container backups, which are already explicitly supported in PVE::LXC::Create::restore_tar_archive. Signed-off-by: Filip Schauer --- debian/control | 1 + src/PVE/Storage.pm | 3

[pve-devel] [PATCH manager 09/12] allow download of xz compressed files

Signed-off-by: Filip Schauer --- www/manager6/window/DownloadUrlToStorage.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/www/manager6/window/DownloadUrlToStorage.js b/www/manager6/window/DownloadUrlToStorage.js index aabc9d3c..28e9b501 100644 --- a/www/manager6/window

[pve-devel] [PATCH manager 07/12] vzdump: add support for bzip2 compression

This aligns with the PVE::Storage::BACKUP_EXT_RE_2 regex. Signed-off-by: Filip Schauer --- PVE/VZDump.pm | 2 ++ www/manager6/form/BackupCompressionSelector.js | 1 + 2 files changed, 3 insertions(+) diff --git a/PVE/VZDump.pm b/PVE/VZDump.pm index 58fa0f64

[pve-devel] [PATCH manager 06/12] accept .tar.bz2 ct templates in the storage upload dialog

This aligns with the PVE::Storage::VZTMPL_EXT_RE_1 regex. Signed-off-by: Filip Schauer --- www/manager6/window/UploadToStorage.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/manager6/window/UploadToStorage.js b/www/manager6/window/UploadToStorage.js index f6cad0ec

[pve-devel] [PATCH guest-common/manager/storage/vma-to-pbs 00/12] align supported compression formats for templates and backups

forgotten to be fully implemented in some places. Note: .tar.lzo container templates are already supported in PVE::LXC::Create::restore_tar_archive, since this code is shared with container backups. pve-storage: Filip Schauer (3): add support for .vma.bz2 add support for xz compressed VM and

[pve-devel] [PATCH guest-common 04/12] vzdump: add support for bzip2 compression

This aligns with the PVE::Storage::BACKUP_EXT_RE_2 regex Signed-off-by: Filip Schauer --- src/PVE/VZDump/Common.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/VZDump/Common.pm b/src/PVE/VZDump/Common.pm index 8fce316..9e13faf 100644 --- a/src/PVE/VZDump/Common.pm

[pve-devel] [PATCH storage 01/12] add support for .vma.bz2

This aligns with the PVE::Storage::BACKUP_EXT_RE_2 regex Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 11 +-- src/test/list_volumes_test.pm | 10 ++ src/test/parse_volname_test.pm | 2 +- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src

Re: [pve-devel] [PATCH docs/qemu-server/manager v17 0/10] Virtio-fs

Tested on a fresh proxmox-ve_8.4-ALPHA-1.iso install. Configured a directory mapping and passed it to a Debian VM with the default settings. Inside the VM I mounted the directory using `mount -t virtiofs dirid /mnt/path`. Writing some data to the directory from inside the VM with `dd if=/dev/ura

Re: [pve-devel] [PATCH manager v16 12/12] ui: add options to add virtio-fs to qemu config

This does not apply on the most recent master. On 04/04/2025 18:08, Markus Frank wrote: Signed-off-by: Markus Frank --- v16: * added hint for directory mapping in VirtiofsEdit www/manager6/Makefile | 1 + www/manager6/Utils.js | 1 + www/manager6/qemu/HardwareVi

Re: [pve-devel] [PATCH manager v16 10/12] ui: add resource mapping view for directories

On 04/04/2025 18:08, Markus Frank wrote: diff --git a/www/manager6/dc/Config.js b/www/manager6/dc/Config.js index 74728c83..2958fb88 100644 --- a/www/manager6/dc/Config.js +++ b/www/manager6/dc/Config.js @@ -329,6 +329,16 @@ Ext.define('PVE.dc.Config', { title: gettex

Re: [pve-devel] [PATCH storage/manager v4] allow down/upload & import of images in the web UI

Tested with (.img.raw/.raw), .qcow2, .vmdk and different combinations of target storages/formats. Everything worked fine except for one thing: The upload dialog allows the user to manually change the file name. When changing the file extension to ".img". Clicking "Upload" is allowed but after the

Re: [pve-devel] [PATCH storage/manager v3] allow upload & import of qcow2 in the web UI

qcow2 disk via the wizard works fine. The minor "ugliness" that the storage selector resets when the "Import Image" checkbox is toggled is not a big problem in my opinion. Overall this looks fine. Tested-by: Filip Schauer On 25/03/2025 16:14, Dominik Csapak wrote: most of t

Re: [pve-devel] [PATCH manager v2 3/3] ui: qemu hd edit: allow importing a disk from the import storage

The bug from before is solved, but instead a different bug has appeared: When I enable the "Import Image" checkbox on the "Disks" tab of the virtual machine creation wizard, the "Select Image" selector is disabled by default. It can be enabled by switching the import storage. On 20/03/2025 14:40,

Re: [pve-devel] Proposal For Podman Container Support

Hello, I have skimmed through the OCI Runtime+Image specs. Here is a rough outline of OCI Runtime Bundles and OCI Images: An **OCI Runtime Bundle** is: > A directory structure that is written ahead of time, distributed, and > used to seed the runtime for creating a container and launching a > p

Re: [pve-devel] [PATCH manager 3/3] ui: qemu hd edit: allow importing a disk from the import storage

I ran into a bug when creating a VM in the Web UI: On the "Disks" tab the wizard does not let me proceed with the default configuration. When selecting an image to import and then unchecking the "Import Image" box again, the wizard lets me proceed again. On the other hand, adding a qcow2 image to

[pve-devel] [PATCH storage v7 0/9] support copying volumes between storages

Add the ability to copy a backup, ISO, container template, snippet, or OVA/OVF between storages and nodes via an API method. Copying a VMA backup to a Proxmox Backup Server requires the proxmox-vma-to-pbs package to be installed. Currently only VMA backups can be copied to a Proxmox Backup Server a

[pve-devel] [PATCH storage v7 9/9] pvesm: add a copy-volume command

container template to another node and delete the source: ``` pvesm copy-volume \ local:vztmpl/devuan-4.0-standard_4.0_amd64.tar.gz local \ --target-node pvenode2 --delete ``` Signed-off-by: Filip Schauer --- src/PVE/CLI/pvesm.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/PVE

[pve-devel] [PATCH storage v7 6/9] api: content: support copying backups between path based storages

This commit adds support for the "backup+meta" export format. When this format is used, the notes and protection flag of the backup are included in the metadata header. Signed-off-by: Filip Schauer --- src/PVE/API2/Storage/Content.pm | 10 -- src/PVE/Storage/Plugin.pm

[pve-devel] [PATCH storage v7 8/9] support copying VMA backups to PBS

Extend the copy API to support copying VMA backups to a Proxmox Backup Server. Signed-off-by: Filip Schauer --- debian/control | 1 + src/PVE/API2/Storage/Content.pm | 20 --- src/PVE/Storage/PBSPlugin.pm| 59 + 3 files changed, 76

Re: [pve-devel] [PATCH storage v6 0/7] support moving volumes between storages

Superseded by: https://lore.proxmox.com/pve-devel/20250311142328.112538-1-f.scha...@proxmox.com/ On 20/01/2025 12:28, Filip Schauer wrote: Add the ability to move a backup, ISO, container template, snippet, or OVA/OVF between storages and nodes via an API method. Moving a VMA backup to a

[pve-devel] [PATCH storage v7 5/9] introduce $vtype+meta export formats

These new export formats include a JSON metadata header containing the vtype and the format. This allows for future extensibility without breaking backward compatibility when adding additional metadata. Signed-off-by: Filip Schauer --- src/PVE/Storage.pm| 16 ++- src/PVE/Storage

[pve-devel] [PATCH storage v7 7/9] storage: introduce decompress_archive_into_pipe helper

Extract the file decompression code into its own reusable subroutine. Signed-off-by: Filip Schauer Reviewed-by: Fiona Ebner --- src/PVE/Storage.pm | 64 +- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE

[pve-devel] [PATCH storage v7 1/9] storage migrate: remove remnant from rsync-based migration

rsync-based migration was replaced by import/export in commit da72898cc65b ("migrate: only use import/export") Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm index 3b4f041..d885882 100755

[pve-devel] [PATCH storage v7 4/9] api: content: implement copying volumes between storages

Add the ability to copy an iso, snippet or vztmpl between storages and nodes. Signed-off-by: Filip Schauer --- src/PVE/API2/Storage/Content.pm | 117 1 file changed, 75 insertions(+), 42 deletions(-) diff --git a/src/PVE/API2/Storage/Content.pm b/src/PVE/API2

[pve-devel] [PATCH storage v7 3/9] plugin: allow volume import of iso, snippets, vztmpl and import

templates between nodes. Existing behavior for importing VM disks and container volumes remains unchanged. Signed-off-by: Filip Schauer --- src/PVE/Storage/Plugin.pm | 81 --- 1 file changed, 51 insertions(+), 30 deletions(-) diff --git a/src/PVE/Storage/Plugin.

[pve-devel] [PATCH storage v7 2/9] storage migrate: avoid ssh when moving a volume locally

Avoid the overhead of SSH when $target_sshinfo is undefined. Instead move a volume between storages on the same node. Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 19 +++ 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE

[pve-devel] [PATCH manager v4 7/9] ui: remove warning about entropy starvation of /dev/random

/Articles/808575/ Signed-off-by: Filip Schauer --- www/manager6/qemu/RNGEdit.js | 13 - 1 file changed, 13 deletions(-) diff --git a/www/manager6/qemu/RNGEdit.js b/www/manager6/qemu/RNGEdit.js index e34e2c08..097e08c3 100644 --- a/www/manager6/qemu/RNGEdit.js +++ b/www/manager6/qemu

[pve-devel] [PATCH qemu-server v4 3/9] add helpers for VirtIO RNG command line arguments

Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 18 +- PVE/QemuServer/RNG.pm | 30 ++ 2 files changed, 35 insertions(+), 13 deletions(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 09d2b3a8..70518924 100644 --- a/PVE

Re: [pve-devel] [PATCH cluster/guest-common/manager/qemu-server v3 00/11] fix #5657: allow configuring RNG device as non-root user

Superseded by: https://lore.proxmox.com/pve-devel/2025021802.40055-1-f.scha...@proxmox.com/ On 11/02/2025 13:34, Fabian Grünbichler wrote: do we expect other hardware RNG device paths in the future? No, not in the near future at least. There is a patch [1] for this from 2016, but this was

[pve-devel] [PATCH qemu-server v4 1/9] remove outdated /dev/random entropy-starvation warnings

/acd77500aa8a337baa6d853568c4b55aca48e20f [2] https://lwn.net/Articles/808575/ Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 13 + 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 808c0e1c..a1237c05 100644 --- a/PVE/QemuServer.pm +++ b/PVE

[pve-devel] [PATCH qemu-server v4 2/9] refactor: move rng related code into its own module

Move code related to VirtIO RNG configuration for a VM to its own module. Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 60 +--- PVE/QemuServer/Makefile | 1 + PVE/QemuServer/RNG.pm | 86 + 3 files changed, 89

[pve-devel] [PATCH manager v4 8/9] ui: permissions: add ACL path for hardware RNG

Signed-off-by: Filip Schauer --- www/manager6/data/PermPathStore.js | 1 + 1 file changed, 1 insertion(+) diff --git a/www/manager6/data/PermPathStore.js b/www/manager6/data/PermPathStore.js index 8785a1d7..8212b17d 100644 --- a/www/manager6/data/PermPathStore.js +++ b/www/manager6/data

[pve-devel] [PATCH manager/qemu-server v4 0/9] fix #5657: allow configuring RNG device as non-root user

tabbed views Changes since v1: * Restrict use of /dev/hwrng to the root user * introduce hardware RNG mapping qemu-server: Filip Schauer (6): remove outdated /dev/random entropy-starvation warnings refactor: move rng related code into its own module add helpers for VirtIO RNG com

[pve-devel] [PATCH qemu-server v4 6/9] allow non-root users to set /dev/hwrng as an RNG source

Allow users with the Mapping.Use privilege on the /mapping/hwrng path to configure /dev/hwrng as an entropy source for VirtIO RNG devices. Signed-off-by: Filip Schauer --- PVE/API2/Qemu.pm | 2 +- PVE/QemuServer.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/PVE/API2

[pve-devel] [PATCH manager v4 9/9] ui: let non-root users configure VirtIO RNG devices

Allow non-root users with the VM.Config.HWType privilege to configure /dev/urandom & /dev/random as an entropy source for a VirtIO RNG device. Users with the Mapping.Use privilege on the /mapping/hwrng ACL path may also configure /dev/hwrng as an entropy source. Signed-off-by: Filip Sch

[pve-devel] [PATCH qemu-server v4 5/9] allow non-root users to set /dev/u?random as an RNG source

Allow non-root users with the VM.Config.HWType privilege to configure /dev/urandom & /dev/random as an entropy source for a VirtIO RNG device. /dev/hwrng remains restricted to the root user. Signed-off-by: Filip Schauer --- PVE/API2/Qemu.pm | 29 + PVE/QemuServe

[pve-devel] [PATCH qemu-server v4 4/9] refactor: check_mapping_access: move root user check to the top

Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 70518924..6c842924 100644 --- a/PVE/QemuServer.pm +++ b/PVE/QemuServer.pm @@ -6378,12 +6378,14 @@ sub check_bridge_access

Re: [pve-devel] [PATCH cluster/guest-common/manager/qemu-server v2 0/9] fix #5657: allow configuring RNG device as non-root user

Superseded by: https://lore.proxmox.com/pve-devel/20250210153734.103381-1-f.scha...@proxmox.com/ On 30/01/2025 13:17, Fiona Ebner wrote: It's a lot of overhead for a very specific kind of device. What irks me is that we have a lot of boilerplate duplication for each new mapping type, also for th

[pve-devel] [PATCH manager v3 07/11] ui: split resource mapping types into tabbed views

Reorganize resource mapping types into separate views accessible via tabs. Signed-off-by: Filip Schauer --- www/manager6/Makefile | 13 ++--- www/manager6/dc/Config.js | 51 +++ .../{window => resource-map}/HWRNGMapEdit.js |

[pve-devel] [PATCH manager v3 04/11] introduce hardware rng scanning api

Signed-off-by: Filip Schauer --- PVE/API2/Hardware.pm | 7 ++ PVE/API2/Hardware/HWRNG.pm | 47 ++ PVE/API2/Hardware/Makefile | 1 + 3 files changed, 55 insertions(+) create mode 100644 PVE/API2/Hardware/HWRNG.pm diff --git a/PVE/API2/Hardware.pm

[pve-devel] [PATCH qemu-server v3 10/11] allow non-root users to set /dev/u?random as an RNG source

Allow non-root users with the VM.Config.HWType privilege to configure /dev/urandom & /dev/random as an entropy source for a VirtIO RNG device. /dev/hwrng remains restricted to the root user. Signed-off-by: Filip Schauer --- PVE/API2/Qemu.pm | 43 +++

[pve-devel] [PATCH manager v3 03/11] introduce hardware rng mapping api

Signed-off-by: Filip Schauer --- PVE/API2/Cluster/Mapping.pm | 7 + PVE/API2/Cluster/Mapping/HWRNG.pm | 286 ++ PVE/API2/Cluster/Mapping/Makefile | 5 +- 3 files changed, 296 insertions(+), 2 deletions(-) create mode 100644 PVE/API2/Cluster/Mapping/HWRNG.pm

[pve-devel] [PATCH qemu-server v3 09/11] add helpers for VirtIO RNG command line arguments

Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 18 +- PVE/QemuServer/RNG.pm | 42 ++ 2 files changed, 47 insertions(+), 13 deletions(-) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 09d2b3a8..70518924 100644 --- a/PVE

[pve-devel] [PATCH cluster v3 02/11] cfs: add 'mapping/hwrng.cfg' to observed files

Observe the configuration file for hardware RNG mappings. Signed-off-by: Filip Schauer --- src/PVE/Cluster.pm | 1 + src/pmxcfs/status.c | 1 + 2 files changed, 2 insertions(+) diff --git a/src/PVE/Cluster.pm b/src/PVE/Cluster.pm index e0e3ee9..684b481 100644 --- a/src/PVE/Cluster.pm +++ b

[pve-devel] [PATCH qemu-server v3 08/11] refactor: move rng related code into its own module

version 5.6. [1] [2] [1] https://git.kernel.org/torvalds/c/acd77500aa8a337baa6d853568c4b55aca48e20f [2] https://lwn.net/Articles/808575/ Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 63 +- PVE/QemuServer/Makefile | 1 + PVE/QemuServer/RNG.pm | 86

[pve-devel] [PATCH manager v3 06/11] ui: allow use of mapped hardware RNGs as entropy sources for VMs

Signed-off-by: Filip Schauer --- www/manager6/Makefile | 1 + www/manager6/form/HWRNGMapSelector.js | 99 +++ www/manager6/qemu/HardwareView.js | 9 ++- www/manager6/qemu/RNGEdit.js | 79 ++--- 4 files changed, 159 insertions

[pve-devel] [PATCH qemu-server v3 11/11] let VirtIO RNG devices source entropy from mapped HWRNGs

This allows a user with the Mapping.Modify privilege on /mapping/hwrng to configure a hardware RNG mapping. A less privileged user with the Mapping.Use privilege can then pass the mapped hardware RNG device as an entropy source to a VirtIO RNG device. Signed-off-by: Filip Schauer --- PVE/API2

[pve-devel] [PATCH manager v3 05/11] ui: add hardware RNG resource mapping

Signed-off-by: Filip Schauer --- www/manager6/Makefile | 2 + www/manager6/data/PermPathStore.js | 1 + www/manager6/dc/Config.js | 10 ++ www/manager6/dc/HWRNGMapView.js | 76 ++ www/manager6/window/HWRNGMapEdit.js | 149

[pve-devel] [PATCH guest-common v3 01/11] mapping: add a hardware RNG mapping config

Signed-off-by: Filip Schauer --- src/Makefile | 1 + src/PVE/Mapping/HWRNG.pm | 147 +++ 2 files changed, 148 insertions(+) create mode 100644 src/PVE/Mapping/HWRNG.pm diff --git a/src/Makefile b/src/Makefile index cbc40c1..ae62b7d 100644 --- a

[pve-devel] [PATCH cluster/guest-common/manager/qemu-server v3 00/11] fix #5657: allow configuring RNG device as non-root user

ardware RNG mapping pve-guest-common: Filip Schauer (1): mapping: add a hardware RNG mapping config src/Makefile | 1 + src/PVE/Mapping/HWRNG.pm | 147 +++ 2 files changed, 148 insertions(+) create mode 100644 src/PVE/Mapping/HWRNG.pm

Re: [pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user

Superseded by: https://lore.proxmox.com/pve-devel/20250129155339.164696-1-f.scha...@proxmox.com/ On 24/10/2024 13:16, Fabian Grünbichler wrote: we could also define some sort of mapping-like thing for the hardware RNG to allow semi-privileged users to pass it through, after a highly privileged u

[pve-devel] [PATCH manager v2 6/9] ui: allow use of mapped hardware RNGs as entropy sources for VMs

Signed-off-by: Filip Schauer --- www/manager6/Makefile | 1 + www/manager6/form/HWRNGMapSelector.js | 99 +++ www/manager6/qemu/HardwareView.js | 9 ++- www/manager6/qemu/RNGEdit.js | 79 ++--- 4 files changed, 159 insertions

[pve-devel] [PATCH manager v2 5/9] ui: add hardware RNG resource mapping

Signed-off-by: Filip Schauer --- www/manager6/Makefile | 2 + www/manager6/data/PermPathStore.js | 1 + www/manager6/dc/Config.js | 10 ++ www/manager6/dc/HWRNGMapView.js | 76 ++ www/manager6/window/HWRNGMapEdit.js | 149

[pve-devel] [PATCH qemu-server v2 8/9] allow non-root users to set /dev/u?random as an RNG source

Allow non-root users with the VM.Config.HWType privilege to configure /dev/urandom & /dev/random as an entropy source for a VirtIO RNG device. /dev/hwrng remains restricted to the root user. Signed-off-by: Filip Schauer --- PVE/API2/Qemu.pm | 42 ++

[pve-devel] [PATCH qemu-server v2 9/9] let VirtIO RNG devices source entropy from mapped HWRNGs

This allows a user with the Mapping.Modify privilege on /mapping/hwrng to configure a hardware RNG mapping. A less privileged user with the Mapping.Use privilege can then pass the mapped hardware RNG device as an entropy source to a VirtIO RNG device. Signed-off-by: Filip Schauer --- PVE/API2

[pve-devel] [PATCH manager v2 3/9] introduce hardware rng mapping api

Signed-off-by: Filip Schauer --- PVE/API2/Cluster/Mapping.pm | 7 + PVE/API2/Cluster/Mapping/HWRNG.pm | 286 ++ PVE/API2/Cluster/Mapping/Makefile | 5 +- 3 files changed, 296 insertions(+), 2 deletions(-) create mode 100644 PVE/API2/Cluster/Mapping/HWRNG.pm

[pve-devel] [PATCH manager v2 4/9] introduce hardware rng scanning api

Signed-off-by: Filip Schauer --- PVE/API2/Hardware.pm | 7 ++ PVE/API2/Hardware/HWRNG.pm | 47 ++ PVE/API2/Hardware/Makefile | 1 + 3 files changed, 55 insertions(+) create mode 100644 PVE/API2/Hardware/HWRNG.pm diff --git a/PVE/API2/Hardware.pm

[pve-devel] [PATCH cluster/guest-common/manager/qemu-server v2 0/9] fix #5657: allow configuring RNG device as non-root user

RNG devices as entropy sources. Changes since v1: * Restrict use of /dev/hwrng to the root user * introduce hardware RNG mapping pve-guest-common: Filip Schauer (1): mapping: add a hardware RNG mapping config src/Makefile | 1 + src/PVE/Mapping/HWRNG.pm | 147

[pve-devel] [PATCH qemu-server v2 7/9] refactor: move rng related code into its own module

Signed-off-by: Filip Schauer --- PVE/QemuServer.pm | 83 +++- PVE/QemuServer/Makefile | 1 + PVE/QemuServer/RNG.pm | 135 3 files changed, 145 insertions(+), 74 deletions(-) create mode 100644 PVE/QemuServer/RNG.pm diff

[pve-devel] [PATCH cluster v2 2/9] cfs: add 'mapping/hwrng.cfg' to observed files

Observe the configuration file for hardware RNG mappings. Signed-off-by: Filip Schauer --- src/PVE/Cluster.pm | 1 + src/pmxcfs/status.c | 1 + 2 files changed, 2 insertions(+) diff --git a/src/PVE/Cluster.pm b/src/PVE/Cluster.pm index e0e3ee9..684b481 100644 --- a/src/PVE/Cluster.pm +++ b

[pve-devel] [PATCH guest-common v2 1/9] mapping: add a hardware RNG mapping config

Signed-off-by: Filip Schauer --- src/Makefile | 1 + src/PVE/Mapping/HWRNG.pm | 147 +++ 2 files changed, 148 insertions(+) create mode 100644 src/PVE/Mapping/HWRNG.pm diff --git a/src/Makefile b/src/Makefile index cbc40c1..ae62b7d 100644 --- a

Re: [pve-devel] [PATCH storage v5 0/7] support moving volumes between storages

Merge conflicts to current master (e5f4af47d083) have been resolved in v6. Superseded by: https://lore.proxmox.com/pve-devel/20250120112842.36450-1-f.scha...@proxmox.com/ On 26/11/2024 16:23, Filip Schauer wrote: Add the ability to move a backup, ISO, container template, snippet, or OVA/OVF

[pve-devel] [PATCH storage v6 3/7] api: content: support moving backups between path based storages

This commit adds the "backup+size" export format. When this format is used, the data stream starts with metadata of the backup (protected flag & notes) followed by the contents of the backup archive. Signed-off-by: Filip Schauer --- src/PVE/API2/Storage/Content.pm | 15 +++

[pve-devel] [PATCH storage v6 7/7] storage migrate: avoid ssh when moving a volume locally

Avoid the overhead of SSH when moving a volume between storages on the same node. Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm index 761f612..a2bef55 100755 --- a/src/PVE

[pve-devel] [PATCH storage v6 6/7] pvesm: add a move-volume command

container template to another node and delete the source: ``` pvesm move-volume \ local:vztmpl/devuan-4.0-standard_4.0_amd64.tar.gz local \ --target-node pvenode2 --delete ``` Signed-off-by: Filip Schauer --- src/PVE/CLI/pvesm.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/PVE

[pve-devel] [PATCH storage v6 4/7] storage: introduce decompress_archive_into_pipe helper

Extract the file decompression code into its own reusable subroutine. Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 64 +- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm index 8e94979

[pve-devel] [PATCH storage v6 2/7] api: content: implement moving a volume between storages

Add the ability to move an iso, snippet or vztmpl between storages and nodes. Use either curl to call the API method: ``` curl https://$APINODE:8006/api2/json/nodes/$SOURCENODE/storage/$SOURCESTORAGE/content/$SOURCEVOLUME \ --insecure --cookie "$( --- src/PVE/API2/Storage/Content.pm | 111

[pve-devel] [PATCH storage v6 5/7] support moving VMA backups to PBS

Extend the move API to support moving VMA backups to a Proxmox Backup Server. Signed-off-by: Filip Schauer --- debian/control | 1 + src/PVE/API2/Storage/Content.pm | 53 +++ src/PVE/Storage/PBSPlugin.pm| 65 + 3

[pve-devel] [PATCH storage v6 1/7] plugin: allow volume import of iso, snippets, vztmpl and import

templates between nodes. Existing behavior for importing VM disks and container volumes remains unchanged. Signed-off-by: Filip Schauer --- src/PVE/Storage/Plugin.pm | 72 ++- 1 file changed, 48 insertions(+), 24 deletions(-) diff --git a/src/PVE/Storage/Plugin.

[pve-devel] [PATCH storage v6 0/7] support moving volumes between storages

Add the ability to move a backup, ISO, container template, snippet, or OVA/OVF between storages and nodes via an API method. Moving a VMA backup to a Proxmox Backup Server requires the proxmox-vma-to-pbs package to be installed. Currently only VMA backups can be moved to a Proxmox Backup Server and

Re: [pve-devel] [PATCH v2 storage 07/10] iscsi direct plugin: support volume export

, 1.2 GB/s successfully imported 'local:117/vm-117-disk-0.raw' ``` Assigned the disk to a VM and it also booted up just fine. Trying to import into a user mode iSCSI storage fails as expected: ``` $ pvesm import tgtdirectstorage raw+size output cannot import into volume 'tgtdirectstora

Re: [pve-devel] [PATCH v2 storage 06/10] iscsi plugin: support volume export

fails as expected: ``` $ pvesm import tgtstorage raw+size output cannot import into volume 'tgtstorage' ``` Tested-by: Filip Schauer On 17/12/2024 16:48, Fiona Ebner wrote: Signed-off-by: Fiona Ebner --- New in v2. src/PVE/Storage/ISCSIPlug

[pve-devel] [PATCH container 3/3] implement device hotplug

Signed-off-by: Filip Schauer --- src/PVE/LXC.pm| 93 ++- src/PVE/LXC/Config.pm | 19 + 2 files changed, 111 insertions(+), 1 deletion(-) diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index 12a4378..06902a1 100644 --- a/src/PVE/LXC.pm +++ b

[pve-devel] [PATCH container 0/3] implement device hotplug

Filip Schauer (3): extract apparmor profile & namespace switch to its own helper config: support printing a device implement device hotplug src/PVE/LXC.pm| 164 ++ src/PVE/LXC/Config.pm | 35 +++-- 2 files changed, 163 insertions(+)

[pve-devel] [PATCH container 2/3] config: support printing a device

Signed-off-by: Filip Schauer --- src/PVE/LXC/Config.pm | 16 +++- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm index 5cc37f7..b44bcce 100644 --- a/src/PVE/LXC/Config.pm +++ b/src/PVE/LXC/Config.pm @@ -1333,6 +1333,14

[pve-devel] [PATCH container 1/3] extract apparmor profile & namespace switch to its own helper

Signed-off-by: Filip Schauer --- src/PVE/LXC.pm | 71 +- 1 file changed, 41 insertions(+), 30 deletions(-) diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index e78e365..12a4378 100644 --- a/src/PVE/LXC.pm +++ b/src/PVE/LXC.pm @@ -1982,15 +1982,42

[pve-devel] [PATCH common] tools: explain reason for the explicit PerlIO load

Explain the reason for the explicit `use PerlIO::scalar;` statement introduced in c4945bf ("tools: load PerlIO explicitly to avoid odd failures") Signed-off-by: Filip Schauer --- src/PVE/Tools.pm | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/PVE/

Re: [pve-devel] [PATCH v4 storage 0/6] support moving volumes between storages

Superseded by: https://lists.proxmox.com/pipermail/pve-devel/2024-November/066993.html On 18/09/2024 16:49, Filip Schauer wrote: Add the ability to move a backup, ISO, container template or snippet between storages and nodes via an API method. Moving a VMA backup to a Proxmox Backup Server

Re: [pve-devel] [PATCH v4 storage 2/6] api: content: implement moving a volume between storages

On 20/09/2024 16:27, Daniel Kral wrote: Also if I'm not missing something, this could also use a `format => 'pve-volume-id'`, but I can see that it isn't used in any other route in that module and is also only used in `PVE::Storage::Plugin::LVMPlugin`, `PVE::Storage::CLI::pvesm` and `pve-conta

[pve-devel] [PATCH storage v5 7/7] storage migrate: avoid ssh when moving a volume locally

Avoid the overhead of SSH when moving a volume between storages on the same node. Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm index 5d25a2a..c1f383a 100755 --- a/src/PVE

[pve-devel] [PATCH storage v5 5/7] support moving VMA backups to PBS

Extend the move API to support moving VMA backups to a Proxmox Backup Server. Signed-off-by: Filip Schauer --- debian/control | 1 + src/PVE/API2/Storage/Content.pm | 53 +++ src/PVE/Storage/PBSPlugin.pm| 65 + 3

[pve-devel] [PATCH storage v5 3/7] api: content: support moving backups between path based storages

This commit adds the "backup+size" export format. When this format is used, the data stream starts with metadata of the backup (protected flag & notes) followed by the contents of the backup archive. Signed-off-by: Filip Schauer --- src/PVE/API2/Storage/Content.pm | 15 +++

[pve-devel] [PATCH storage v5 2/7] api: content: implement moving a volume between storages

Add the ability to move an iso, snippet or vztmpl between storages and nodes. Use either curl to call the API method: ``` curl https://$APINODE:8006/api2/json/nodes/$SOURCENODE/storage/$SOURCESTORAGE/content/$SOURCEVOLUME \ --insecure --cookie "$( --- src/PVE/API2/Storage/Content.pm | 111

[pve-devel] [PATCH storage v5 6/7] pvesm: add a move-volume command

container template to another node and delete the source: ``` pvesm move-volume \ local:vztmpl/devuan-4.0-standard_4.0_amd64.tar.gz local \ --target-node pvenode2 --delete ``` Signed-off-by: Filip Schauer --- src/PVE/CLI/pvesm.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/PVE

[pve-devel] [PATCH storage v5 0/7] support moving volumes between storages

Add the ability to move a backup, ISO, container template, snippet, or OVA/OVF between storages and nodes via an API method. Moving a VMA backup to a Proxmox Backup Server requires the proxmox-vma-to-pbs package to be installed. Currently only VMA backups can be moved to a Proxmox Backup Server and

[pve-devel] [PATCH storage v5 1/7] plugin: allow volume import of iso, snippets, vztmpl and import

templates between nodes. Existing behavior for importing VM disks and container volumes remains unchanged. Signed-off-by: Filip Schauer --- src/PVE/Storage/Plugin.pm | 72 ++- 1 file changed, 48 insertions(+), 24 deletions(-) diff --git a/src/PVE/Storage/Plugin.

[pve-devel] [PATCH storage v5 4/7] storage: introduce decompress_archive_into_pipe helper

Extract the file decompression code into its own reusable subroutine. Signed-off-by: Filip Schauer --- src/PVE/Storage.pm | 64 +- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/src/PVE/Storage.pm b/src/PVE/Storage.pm index ae190cd

[pve-devel] [PATCH container] fix #5907: ignore conflicting mount options for read-only mounts

m cannot be mounted due to invalid option 'discard'. This commit ensures that only valid mount options, such as "nodev", "noexec", and "nosuid", are applied to read-only mounts, avoiding potential mount failures. Signed-off-by: Filip Schauer --- src/PVE/LX

  1   2   3   4   >