Re: [pve-devel] [PATCH manager] ui: qemu: hardware view: fix hwrng cap check for unprivileged users

From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Friedrich Weber <f.weber@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH manager] ui: qemu: hardware view: fix hwrng cap check for unprivileged users
Date: Tue, 8 Apr 2025 19:59:59 +0200	[thread overview]
Message-ID: <20250408195959.0b1f3aaf@rosa.proxmox.com> (raw)
In-Reply-To: <20250408163856.116576-1-f.weber@proxmox.com>

On Tue,  8 Apr 2025 18:38:56 +0200
Friedrich Weber <f.weber@proxmox.com> wrote:

> Currently, as an unprivileged user with role PVEVMUser the GUI breaks
> with an error after navigating to a VM's hardware tab. The reason is
> that the frontend checks the GUI capabilites via `caps.mapping.hwrng`,
> but `caps.mapping` does not actually have a property called `hwrng`.
> 
> The reason this does not trigger for more privileged users is that all
> expressions involving `caps.mapping.hwrng` are short-circuited if the
> user has privilege `VM.Config.Type`, so `caps.mapping.hwrng` is never
> evaluated.
> 
> Fixes: a47a8afb ("ui: let non-root users configure VirtIO RNG devices")
> Signed-off-by: Friedrich Weber <f.weber@proxmox.com>

Thanks for tackling this so quick!
Managed to reproduce the original issue - your patch fixes it for me as
well!

it improves the current situation significantly:
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>

In general I think the permissions seems a sensible choice (Mapping.Use
on /mapping/hwrng ) (we used Sys.Console for the RNG before (and for
other similarly sensitive places, as very high privilege below root@pam
only)

as talked with Friedrich off-list - understanding how the negation affects
what is displayed and what not in the menues took us a bit too long.

I'll send a follow-up to unify pci and usb-device add-entry enabling with
the the one for the RNG (the backend seems to use the same for all 3)

> ---
> 
> Notes:
>     I wasn't actually sure whether `caps` may have such a 2-level structure
>     in some cases, but it doesn't seem like it. After applying this patch
>     to pve-manager:
>     
>       % ag 'caps\.[^\[.]+\.'  | wc -l
>       0
> 
>  www/manager6/qemu/HardwareView.js | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js
> index 4ce9908c..b949264f 100644
> --- a/www/manager6/qemu/HardwareView.js
> +++ b/www/manager6/qemu/HardwareView.js
> @@ -316,8 +316,8 @@ Ext.define('PVE.qemu.HardwareView', {
>  	rows.rng0 = {
>  	    group: 45,
>  	    tdCls: 'pve-itype-icon-die',
> -	    editor: caps.vms['VM.Config.HWType'] || caps.mapping.hwrng['Mapping.Use'] ? 'PVE.qemu.RNGEdit' : undefined,
> -	    never_delete: !caps.vms['VM.Config.HWType'] && !caps.mapping.hwrng['Mapping.Use'],
> +	    editor: caps.vms['VM.Config.HWType'] || caps.mapping['Mapping.Use'] ? 'PVE.qemu.RNGEdit' : undefined,
> +	    never_delete: !caps.vms['VM.Config.HWType'] && !caps.mapping['Mapping.Use'],
>  	    header: gettext("VirtIO RNG"),
>  	};
>  	for (let i = 0; i < PVE.Utils.hardware_counts.virtiofs; i++) {
> @@ -757,7 +757,7 @@ Ext.define('PVE.qemu.HardwareView', {
>  				text: gettext("VirtIO RNG"),
>  				itemId: 'addRng',
>  				iconCls: 'pve-itype-icon-die',
> -				disabled: !caps.vms['VM.Config.HWType'] && !caps.mapping.hwrng['Mapping.Use'],
> +				disabled: !caps.vms['VM.Config.HWType'] && !caps.mapping['Mapping.Use'],
>  				handler: editorFactory('RNGEdit'),
>  			    },
>  			    {

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel