From: Fabian Grünbichler <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Date: Tue, 11 Feb 2025 13:34:53 +0100
Subject: Re: [pve-devel] [PATCH cluster/guest-common/manager/qemu-server v3 00/11] fix #5657: allow configuring RNG device as non-root user
Message-Id: <1739276885.8xye6t1gw6.astroid@yuna.none>
In-Reply-To: <20250210153734.103381-1-f.schauer@proxmox.com>

On February 10, 2025 4:37 pm, Filip Schauer wrote:
> Allow users with the VM.Config.HWType privilege to configure VirtIO RNG
> devices on VMs with either /dev/urandom or /dev/random as the entropy
> source.
>
> Further introduce hardware RNG device mapping to be able to selectively
> allow non-root users with the Mapping.Use privilege to configure
> hardware RNG devices as entropy sources.

some high level questions here:

- this series allows direct access to /dev/urandom and /dev/random, but
  also allows setting up mappings to them (the mapping seems
  unnecessary)
- the only other (restricted) value is /dev/hwrng

wouldn't it be easier to just define an ACL path for /dev/hwrng, and
skip all the mapping setup if the only sensible mapping you can set up
is a single one for /dev/hwrng? do we expect other hardware RNG device
paths in the future?

else the only benefit of the full-fledged mapping is that you can
"alias" and describe RNG sources and limit them to certain nodes, and I
am not sure that is worth all this machinery and an extra config file ;)
aliasing makes very little sense if there are only three valid choices
that have descriptive names anyway. I also expect that most people using
this would want to give the VM access to the hwrng on all nodes..

other than this the series looks good to me, just a few nits (see
individual patches)

>
> Changes since v2:
> * Restrict RNG device format to enum of
> * Add descriptive commit message
> * Code style fixes
> * Remove outdated remarks about entropy starvation of /dev/random
> * Split helpers for VirtIO RNG command line arguments into its own
>   commit
> * Add explicit "use PVE::QemuServer::RNG;" statement to PVE/API2/Qemu.pm
> * Fix "map: type check ('array') failed" error when adding a mapping in
>   the UI
> * ui: split resource mapping types into tabbed views
>
> Changes since v1:
> * Restrict use of /dev/hwrng to the root user
> * introduce hardware RNG mapping
>
> pve-guest-common:
>
> Filip Schauer (1):
>   mapping: add a hardware RNG mapping config
>
>  src/Makefile             |   1 +
>  src/PVE/Mapping/HWRNG.pm | 147 +++++++++++++++++++++++++++++++++++++++
>  2 files changed, 148 insertions(+)
>  create mode 100644 src/PVE/Mapping/HWRNG.pm
>
>
> pve-cluster:
>
> Filip Schauer (1):
>   cfs: add 'mapping/hwrng.cfg' to observed files
>
>  src/PVE/Cluster.pm  | 1 +
>  src/pmxcfs/status.c | 1 +
>  2 files changed, 2 insertions(+)
>
>
> pve-manager:
>
> Filip Schauer (5):
>   introduce hardware rng mapping api
>   introduce hardware rng scanning api
>   ui: add hardware RNG resource mapping
>   ui: allow use of mapped hardware RNGs as entropy sources for VMs
>   ui: split resource mapping types into tabbed views
>
>  PVE/API2/Cluster/Mapping.pm                  |   7 +
>  PVE/API2/Cluster/Mapping/HWRNG.pm            | 286 ++++++++++++++++++
>  PVE/API2/Cluster/Mapping/Makefile            |   5 +-
>  PVE/API2/Hardware.pm                         |   7 +
>  PVE/API2/Hardware/HWRNG.pm                   |  47 +++
>  PVE/API2/Hardware/Makefile                   |   1 +
>  www/manager6/Makefile                        |  12 +-
>  www/manager6/data/PermPathStore.js           |   1 +
>  www/manager6/dc/Config.js                    |  41 +--
>  www/manager6/form/HWRNGMapSelector.js        |  99 ++++++
>  www/manager6/qemu/HardwareView.js            |   9 +-
>  www/manager6/qemu/RNGEdit.js                 |  79 +++--
>  www/manager6/resource-map/HWRNGMapEdit.js    | 149 +++++++++
>  www/manager6/resource-map/HWRNGMapView.js    |  76 +++++
>  .../{window => resource-map}/PCIMapEdit.js   |   2 +-
>  .../{dc => resource-map}/PCIMapView.js       |   4 +-
>  www/manager6/resource-map/ResourceMapView.js |  23 ++
>  .../{window => resource-map}/USBMapEdit.js   |   2 +-
>  .../{dc => resource-map}/USBMapView.js       |   4 +-
>  19 files changed, 778 insertions(+), 76 deletions(-)
>  create mode 100644 PVE/API2/Cluster/Mapping/HWRNG.pm
>  create mode 100644 PVE/API2/Hardware/HWRNG.pm
>  create mode 100644 www/manager6/form/HWRNGMapSelector.js
>  create mode 100644 www/manager6/resource-map/HWRNGMapEdit.js
>  create mode 100644 www/manager6/resource-map/HWRNGMapView.js
>  rename www/manager6/{window => resource-map}/PCIMapEdit.js (99%)
>  rename www/manager6/{dc => resource-map}/PCIMapView.js (96%)
>  create mode 100644 www/manager6/resource-map/ResourceMapView.js
>  rename www/manager6/{window => resource-map}/USBMapEdit.js (99%)
>  rename www/manager6/{dc => resource-map}/USBMapView.js (95%)
>
>
> qemu-server:
>
> Filip Schauer (4):
>   refactor: move rng related code into its own module
>   add helpers for VirtIO RNG command line arguments
>   allow non-root users to set /dev/u?random as an RNG source
>   let VirtIO RNG devices source entropy from mapped HWRNGs
>
>  PVE/API2/Qemu.pm        |  48 +++++++++++++
>  PVE/QemuServer.pm       |  97 ++++++-------------------
>  PVE/QemuServer/Makefile |   1 +
>  PVE/QemuServer/RNG.pm   | 153 ++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 224 insertions(+), 75 deletions(-)
>  create mode 100644 PVE/QemuServer/RNG.pm
>
>
> Summary over all repositories:
>   27 files changed, 1152 insertions(+), 151 deletions(-)
>
> --
> Generated by git-murpp 0.6.0
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel