[pve-devel] [PATCH guest-common v2 1/9] mapping: add a hardware RNG mapping config
Fiona Ebner
f.ebner at proxmox.com
Thu Jan 30 13:18:08 CET 2025
Am 29.01.25 um 16:53 schrieb Filip Schauer:
> +my $map_fmt = {
> + node => get_standard_option('pve-node'),
> + path => {
> + description => "The path to the device node of the entropy source.",
> + type => 'string',
> + pattern => qr/^\/dev\/.+$/,
Style nit: could use | or ! as the regex delimiter to improve readability
Can we restrict this up-front somehow? I'd even be inclined to start out
with the enum we had in qemu-server. A generic path below /dev seems
prone to abuse at a first glance. Mapping.Modify for hardware RNG should
not ease access to other devices. And the check_rng_source() doesn't
currently offer any real protection either (just restricts the
/dev/hwrng case).
More information about the pve-devel
mailing list