[pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Sep 2 14:21:24 CEST 2024
On August 26, 2024 1:08 pm, Filip Schauer wrote:
> Allow any user with the VM.Config.HWType permission to add or remove a
> VirtIO RNG device on a VM. This is in line with the behaviour of cloning
> a VM and restoring a VM backup as defined in
> PVE::QemuServer::check_mapping_access.
IIRC this was intentional, since passing in the hardware RNG can starve
the host of entropy rather quickly. is this no longer the case, or
handled by some other check? if so, please include these details here.
if not, then I don't think we want to go with this patch - but maybe we
want to tighten some other code paths instead ;)
>
> Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
> ---
> PVE/API2/Qemu.pm | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index d25a79f..5ab65f9 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -592,6 +592,7 @@ my $hwtypeoptions = {
> 'vga' => 1,
> 'watchdog' => 1,
> 'audio0' => 1,
> + 'rng0' => 1,
> };
>
> my $generaloptions = {
> --
> 2.39.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
More information about the pve-devel
mailing list