[pve-devel] [PATCH qemu-server v2 8/9] allow non-root users to set /dev/u?random as an RNG source
Fiona Ebner
f.ebner at proxmox.com
Thu Jan 30 13:18:05 CET 2025
On 29.01.25 at 16:53, Filip Schauer wrote:
> Allow non-root users with the VM.Config.HWType privilege to configure
> /dev/urandom & /dev/random as an entropy source for a VirtIO RNG device.
> /dev/hwrng remains restricted to the root user.
>
> Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
> ---
> PVE/API2/Qemu.pm | 42 ++++++++++++++++++++++++++++++++++++++++++
> PVE/QemuServer.pm | 13 +++++++++++--
> 2 files changed, 53 insertions(+), 2 deletions(-)
>
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index db356b7e..8262c9d4 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -670,6 +670,7 @@ my $hwtypeoptions = {
> 'vga' => 1,
> 'watchdog' => 1,
> 'audio0' => 1,
> + 'rng0' => 1,
> };
>
> my $generaloptions = {
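Review bot: the new 'rng0' => 1 entry in $hwtypeoptions reads as if VM.Config.HWType alone were enough to set rng0, while the commit message keeps /dev/hwrng root-only. A short comment on that line pointing to check_rng_perm would make it clear that this option carries an additional per-source check and that the table entry is not the whole permission story.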
> @@ -798,6 +799,36 @@ my sub check_vm_create_hostpci_perm {
> return 1;
> };
>
> +my sub check_rng_perm {
> + my ($rpcenv, $authuser, $vmid, $pool, $opt, $value) = @_;
> +
> + return 1 if $authuser eq 'root at pam';
> +
> + $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
> +
> + my $device = PVE::JSONSchema::parse_property_string('pve-qm-rng', $value);
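Review bot: the source check that follows parse_property_string in check_rng_perm should compare the parsed source against an explicit allowlist of /dev/urandom and /dev/random and reject anything else for non-root users, rather than only rejecting /dev/hwrng, so that a source added to the 'pve-qm-rng' format later is root-only by default. In the visible lines $value also reaches parse_property_string without a defined check, so either guard against an undefined value or note in a comment that callers only pass a set rng0 string.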
Nit: missing explicit use statement for the RNG module (that is where
the format is registered).