[pve-devel] [PATCH qemu-server v4 6/9] allow non-root users to set /dev/hwrng as an RNG source
Filip Schauer
f.schauer at proxmox.com
Tue Feb 18 12:10:59 CET 2025
Allow users with the Mapping.Use privilege on the /mapping/hwrng path to
configure /dev/hwrng as an entropy source for VirtIO RNG devices.
Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
---
PVE/API2/Qemu.pm | 2 +-
PVE/QemuServer.pm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 2e99bf05..4d6a738d 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -812,7 +812,7 @@ my sub check_rng_perm {
my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $value);
if ($device->{source} && $device->{source} eq '/dev/hwrng') {
- die "only root can set '$opt' config for a non-mapped Hardware RNG device\n";
+ $rpcenv->check_full($authuser, "/mapping/hwrng", ['Mapping.Use']);
}
return 1;
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 007ff2fc..1d495fa8 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6404,7 +6404,7 @@ sub check_mapping_access {
my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $conf->{$opt});
if ($device->{source} && $device->{source} eq '/dev/hwrng') {
- die "only root can set '$opt' config for a non-mapped Hardware RNG device\n";
+ $rpcenv->check_full($user, "/mapping/hwrng", ['Mapping.Use']);
}
}
}
--
2.39.5
More information about the pve-devel
mailing list