From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 21C741FF189
	for <inbox@lore.proxmox.com>; Fri,  4 Apr 2025 11:21:50 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 935291A8F1;
	Fri,  4 Apr 2025 11:21:36 +0200 (CEST)
MIME-Version: 1.0
In-Reply-To: <20250218111102.40055-1-f.schauer@proxmox.com>
References: <20250218111102.40055-1-f.schauer@proxmox.com>
From: Fabian =?utf-8?q?Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
To: Filip Schauer <f.schauer@proxmox.com>, pve-devel@lists.proxmox.com
Date: Fri, 04 Apr 2025 11:21:28 +0200
Message-ID: <174375848820.255921.5065177221365574043@yuna.proxmox.com>
User-Agent: alot/0.10
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.103 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 POISEN_SPAM_PILL          0.1 Meta: its spam
 POISEN_SPAM_PILL_1        0.1 random spam to be learned in bayes
 POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] applied-series: [PATCH manager/qemu-server v4 0/9] fix
 #5657: allow configuring RNG device as non-root user
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

with a small follow-up in pve-manager to correctly sort the ACL paths in the
selector

thanks!

Quoting Filip Schauer (2025-02-18 12:10:53)
> Allow users with the VM.Config.HWType privilege to configure VirtIO RNG
> devices on VMs with either /dev/urandom or /dev/random as the entropy
> source. Users with the Mapping.Use privilege on the /mapping/hwrng ACL
> path may also configure /dev/hwrng as an entropy source.
> 
> Changes since v3:
> * Remove hardware RNG resource mapping and introduce /mapping/hwrng ACL
>   path instead
> * Split some changes into separate commits
> 
> Changes since v2:
> * Restrict RNG device format to enum of
> * Add descriptive commit message
> * Code style fixes
> * Remove outdated remarks about entropy stravation of /dev/random
> * Split helpers for VirtIO RNG command line arguments into its own
>   commit
> * Add explicit "use PVE::QemuServer::RNG;" statement to PVE/API2/Qemu.pm
> * Fix "map: type check ('array') failed" error when adding a mapping in
>   the UI
> * ui: split resource mapping types into tabbed views
> 
> Changes since v1:
> * Restrict use of /dev/hwrng to the root user
> * introduce hardware RNG mapping
> 
> qemu-server:
> 
> Filip Schauer (6):
>   remove outdated /dev/random entropy-starvation warnings
>   refactor: move rng related code into its own module
>   add helpers for VirtIO RNG command line arguments
>   refactor: check_mapping_access: move root user check to the top
>   allow non-root users to set /dev/u?random as an RNG source
>   allow non-root users to set /dev/hwrng as an RNG source
> 
>  PVE/API2/Qemu.pm        |  29 ++++++++++
>  PVE/QemuServer.pm       |  95 +++++++-------------------------
>  PVE/QemuServer/Makefile |   1 +
>  PVE/QemuServer/RNG.pm   | 116 ++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 164 insertions(+), 77 deletions(-)
>  create mode 100644 PVE/QemuServer/RNG.pm
> 
> 
> pve-manager:
> 
> Filip Schauer (3):
>   ui: remove warning about entropy starvation of /dev/random
>   ui: permissions: add ACL path for hardware RNG
>   ui: let non-root users configure VirtIO RNG devices
> 
>  www/manager6/data/PermPathStore.js |  1 +
>  www/manager6/qemu/HardwareView.js  |  9 ++++-----
>  www/manager6/qemu/RNGEdit.js       | 13 -------------
>  3 files changed, 5 insertions(+), 18 deletions(-)
> 
> 
> Summary over all repositories:
>   7 files changed, 169 insertions(+), 95 deletions(-)
> 
> -- 
> Generated by git-murpp 0.6.0
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
>


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel