public inbox for pve-devel@lists.proxmox.com
* [pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user
From: Filip Schauer @ 2024-08-26 11:08 UTC
  To: pve-devel

Allow any user with the VM.Config.HWType permission to add or remove a
VirtIO RNG device on a VM. This is in line with the behaviour of cloning
a VM and restoring a VM backup as defined in
PVE::QemuServer::check_mapping_access.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 PVE/API2/Qemu.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index d25a79f..5ab65f9 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -592,6 +592,7 @@ my $hwtypeoptions = {
     'vga' => 1,
     'watchdog' => 1,
     'audio0' => 1,
+    'rng0' => 1,
 };
 
 my $generaloptions = {
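
Review bot: the new 'rng0' => 1 entry in $hwtypeoptions keys on the option name alone, so the permission it grants cannot differ by RNG source. Later in this thread the concern is narrowed to /dev/hwrng, with /dev/urandom and /dev/random considered reasonable for non-root users; if that is the intended policy, this one-line change needs a companion check on the configured source that keeps /dev/hwrng root-only, rather than treating rng0 like 'vga', 'watchdog' and 'audio0'.
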
-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel



* Re: [pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user
From: Fabian Grünbichler @ 2024-09-02 12:21 UTC
  To: Proxmox VE development discussion

On August 26, 2024 1:08 pm, Filip Schauer wrote:
> Allow any user with the VM.Config.HWType permission to add or remove a
> VirtIO RNG device on a VM. This is in line with the behaviour of cloning
> a VM and restoring a VM backup as defined in
> PVE::QemuServer::check_mapping_access.

IIRC this was intentional, since passing in the hardware RNG can starve
the host of entropy rather quickly. is this no longer the case, or
handled by some other check? if so, please include these details here.
if not, then I don't think we want to go with this patch - but maybe we
want to tighten some other code paths instead ;)

> 
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
>  PVE/API2/Qemu.pm | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index d25a79f..5ab65f9 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -592,6 +592,7 @@ my $hwtypeoptions = {
>      'vga' => 1,
>      'watchdog' => 1,
>      'audio0' => 1,
> +    'rng0' => 1,
>  };
>  
>  my $generaloptions = {
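
Review bot: nothing near the added 'rng0' => 1 line records why rng0 was previously left out of $hwtypeoptions, which the reply above recalls as intentional. A short comment above the entry, or a sentence in the commit message, stating which RNG sources the relaxed permission is meant to cover and why host starvation is not a concern for them would keep the restriction from being loosened or re-tightened by accident later.
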
> -- 
> 2.39.2



* Re: [pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user
From: Filip Schauer @ 2024-09-03 13:58 UTC
  To: pve-devel

On 02/09/2024 14:21, Fabian Grünbichler wrote:
> IIRC this was intentional, since passing in the hardware RNG can starve
> the host of entropy rather quickly. is this no longer the case, or
> handled by some other check? if so, please include these details here.
> if not, then I don't think we want to go with this patch - but maybe we
> want to tighten some other code paths instead 😉


Reading from /dev/urandom has never consumed entropy and reading from
/dev/random no longer poses a concern since the kernel no longer uses a
blocking entropy pool. [1] The only potential issue might be the
starvation of the hardware RNG when /dev/hwrng is used. So we might not
want to allow a non-root user to configure /dev/hwrng, but letting
non-root users configure the other two options (/dev/urandom and
/dev/random) seems reasonable.

It might make sense to only allow non-root users to configure
/dev/urandom and /dev/random as RNG sources.

[1] https://lwn.net/Articles/808575/
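
The source-based split proposed in this message, sketched as an added example in Perl (not qemu-server code and not part of the thread). The helpers may_configure_rng and parse_rng_source and the $is_root / $has_hwtype flags are hypothetical stand-ins for the real permission lookups, and the source=... property-string form of the rng0 value is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not qemu-server code: decide whether a user may set a
# given rng0 value, based on the RNG source discussed in this thread.
my %UNPRIVILEGED_SOURCES = map { $_ => 1 } qw(/dev/urandom /dev/random);

# Assumed property-string form: "source=/dev/urandom,max_bytes=1024,period=1000".
# A bare value without "key=" is treated as the source (assumption).
sub parse_rng_source {
    my ($value) = @_;
    for my $part (split /,/, $value // '') {
        my ($k, $v) = $part =~ /^([^=]+)=(.*)$/ ? ($1, $2) : ('source', $part);
        return $v if $k eq 'source';
    }
    return undef;
}

# $is_root and $has_hwtype stand in for the real permission checks.
sub may_configure_rng {
    my ($value, $is_root, $has_hwtype) = @_;
    return 1 if $is_root;          # root keeps access to every source
    return 0 if !$has_hwtype;      # no VM.Config.HWType: no rng0 changes
    my $source = parse_rng_source($value);
    # Missing source: deny rather than guess (fail closed).
    return 0 if !defined($source);
    # /dev/hwrng and anything unknown stay root-only.
    return $UNPRIVILEGED_SOURCES{$source} ? 1 : 0;
}

# Constructed sample inputs: [rng0 value, is_root, has_hwtype].
my @cases = (
    ['source=/dev/urandom,max_bytes=1024,period=1000', 0, 1],
    ['source=/dev/random',                             0, 1],
    ['source=/dev/hwrng',                              0, 1],
    ['source=/dev/hwrng',                              1, 0],
    ['source=/dev/urandom',                            0, 0],
);
for my $c (@cases) {
    my ($value, $is_root, $has_hwtype) = @$c;
    printf "%-48s root=%d hwtype=%d -> %s\n", $value, $is_root, $has_hwtype,
        may_configure_rng($value, $is_root, $has_hwtype) ? 'allow' : 'deny';
}
```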




* Re: [pve-devel] [PATCH qemu-server] fix #5657: allow configuring RNG device as non-root user
From: Fabian Grünbichler @ 2024-10-24 11:16 UTC
  To: Proxmox VE development discussion

On September 3, 2024 3:58 pm, Filip Schauer wrote:
> On 02/09/2024 14:21, Fabian Grünbichler wrote:
>> IIRC this was intentional, since passing in the hardware RNG can starve
>> the host of entropy rather quickly. is this no longer the case, or
>> handled by some other check? if so, please include these details here.
>> if not, then I don't think we want to go with this patch - but maybe we
>> want to tighten some other code paths instead 😉
> 
> 
> Reading from /dev/urandom has never consumed entropy and reading from
> /dev/random no longer poses a concern since the kernel no longer uses a
> blocking entropy pool. [1] The only potential issue might be the
> starvation of the hardware RNG when /dev/hwrng is used. So we might not
> want to allow a non-root user to configure /dev/hwrng, but letting
> non-root users configure the other two options (/dev/urandom and
> /dev/random) seems reasonable.

yes, I was talking about the hardware RNG!

> It might make sense to only allow non-root users to configure
> /dev/urandom and /dev/random as RNG sources.

we could also define some sort of mapping-like thing for the hardware
RNG to allow semi-privileged users to pass it through, after a highly
privileged user set it up and gave them access? but we could wait until
somebody requests that ;)

> 
> [1] https://lwn.net/Articles/808575/