From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 4B7401FF170 for ; Mon, 2 Sep 2024 14:21:30 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2E93CAEED; Mon, 2 Sep 2024 14:22:01 +0200 (CEST) Date: Mon, 02 Sep 2024 14:21:24 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox VE development discussion References: <20240826110813.48607-1-f.schauer@proxmox.com> In-Reply-To: <20240826110813.48607-1-f.schauer@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.16.0 (https://github.com/astroidmail/astroid) Message-Id: <1725279630.9uoqe2ghgi.astroid@yuna.none> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.055 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" On August 26, 2024 1:08 pm, Filip Schauer wrote: > Allow any user with the VM.Config.HWType permission to add or remove a > VirtIO RNG device on a VM. This is in line with the behaviour of cloning > a VM and restoring a VM backup as defined in > PVE::QemuServer::check_mapping_access. IIRC this was intentional, since passing in the hardware RNG can starve the host of entropy rather quickly. is this no longer the case, or handled by some other check? if so, please include these details here. if not, then I don't think we want to go with this patch - but maybe we want to tighten some other code paths instead ;) > > Signed-off-by: Filip Schauer > --- > PVE/API2/Qemu.pm | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm > index d25a79f..5ab65f9 100644 > --- a/PVE/API2/Qemu.pm > +++ b/PVE/API2/Qemu.pm > @@ -592,6 +592,7 @@ my $hwtypeoptions = { > 'vga' => 1, > 'watchdog' => 1, > 'audio0' => 1, > + 'rng0' => 1, > }; > > my $generaloptions = { > -- > 2.39.2 > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel