[pve-devel] [PATCH cluster/guest-common/manager/qemu-server v2 0/9] fix #5657: allow configuring RNG device as non-root user

[Fiona Ebner]

Am 29.01.25 um 16:53 schrieb Filip Schauer:
> Allow users with the VM.Config.HWType privilege to configure VirtIO RNG
> devices on VMs with either /dev/urandom or /dev/random as the entropy
> source.
> 
> Further introduce hardware RNG device mapping to be able to selectively
> allow non-root users with the Mapping.Use privilege to configure
> hardware RNG devices as entropy sources.
>

It's a lot of overhead for a very specific kind of device. What irks me
is that we have a lot of boilerplate duplication for each new mapping
type, also for the API endpoints. Nothing specific to your series of
course, but maybe something we could/should address? In the UI, it
probably would also be better to have a separate view for each mapping
type? Markus needs directory mappings for virtio-fs and then we would
have 4 different mapping kinds in a single view, which IMHO is just too
much.

Maybe we can introduce a dedicated base module for Mapping Section
configs? And also have standard options for the common params in the
schema. Same applies for the API endpoints, would be nice to have a way
to more easily generate them or at least capture the functionality that
is 1:1 with some helpers. Again, nothing specific to your series. Just
putting it out there for discussion or if somebody wants to grab that
task :)

When I try to add a mapping in the UI, I get
Parameter verification failed. (400)
map: type check ('array') failed