proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-08-15 09:22:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ui: let non-root users configure VirtIO RNG devices

Browse Source 
Allow non-root users with the VM.Config.HWType privilege to configure
/dev/urandom & /dev/random as an entropy source for a VirtIO RNG device.
Users with the Mapping.Use privilege on the /mapping/hwrng ACL path may
also configure /dev/hwrng as an entropy source.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
This commit is contained in:
Filip Schauer 2025-02-18 12:11:02 +01:00 committed by Fabian Grünbichler
parent ce2e0bc32c
commit a47a8afb00
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
www/manager6/qemu/HardwareView.js
View File

@ -315,8 +315,8 @@ Ext.define('PVE.qemu.HardwareView', {
rows.rng0 = { rows.rng0 = {
group: 45, group: 45,
tdCls: 'pve-itype-icon-die', tdCls: 'pve-itype-icon-die',
editor: caps.nodes['Sys.Console'] ? 'PVE.qemu.RNGEdit' : undefined, editor: caps.vms['VM.Config.HWType'] || caps.mapping.hwrng['Mapping.Use'] ? 'PVE.qemu.RNGEdit' : undefined,
never_delete: !caps.nodes['Sys.Console'], never_delete: !caps.vms['VM.Config.HWType'] && !caps.mapping.hwrng['Mapping.Use'],
header: gettext("VirtIO RNG"), header: gettext("VirtIO RNG"),
}; };
@ -588,7 +588,6 @@ Ext.define('PVE.qemu.HardwareView', {
}); });
// heuristic only for disabling some stuff, the backend has the final word. // heuristic only for disabling some stuff, the backend has the final word.
const noSysConsolePerm = !caps.nodes['Sys.Console'];
const noHWPerm = !caps.nodes['Sys.Console'] && !caps.mapping['Mapping.Use']; const noHWPerm = !caps.nodes['Sys.Console'] && !caps.mapping['Mapping.Use'];
const noVMConfigHWTypePerm = !caps.vms['VM.Config.HWType']; const noVMConfigHWTypePerm = !caps.vms['VM.Config.HWType'];
const noVMConfigNetPerm = !caps.vms['VM.Config.Network']; const noVMConfigNetPerm = !caps.vms['VM.Config.Network'];
@ -601,7 +600,7 @@ Ext.define('PVE.qemu.HardwareView', {
me.down('#addAudio').setDisabled(noVMConfigHWTypePerm || isAtLimit('audio')); me.down('#addAudio').setDisabled(noVMConfigHWTypePerm || isAtLimit('audio'));
me.down('#addSerial').setDisabled(noVMConfigHWTypePerm || isAtLimit('serial')); me.down('#addSerial').setDisabled(noVMConfigHWTypePerm || isAtLimit('serial'));
me.down('#addNet').setDisabled(noVMConfigNetPerm || isAtLimit('net')); me.down('#addNet').setDisabled(noVMConfigNetPerm || isAtLimit('net'));
me.down('#addRng').setDisabled(noSysConsolePerm || isAtLimit('rng')); me.down('#addRng').setDisabled(noVMConfigHWTypePerm || isAtLimit('rng'));
efidisk_menuitem.setDisabled(noVMConfigDiskPerm || isAtLimit('efidisk')); efidisk_menuitem.setDisabled(noVMConfigDiskPerm || isAtLimit('efidisk'));
me.down('#addTpmState').setDisabled(noVMConfigDiskPerm || isAtLimit('tpmstate')); me.down('#addTpmState').setDisabled(noVMConfigDiskPerm || isAtLimit('tpmstate'));
me.down('#addCloudinitDrive').setDisabled(noVMConfigCDROMPerm || noVMConfigCloudinitPerm || hasCloudInit); me.down('#addCloudinitDrive').setDisabled(noVMConfigCDROMPerm || noVMConfigCloudinitPerm || hasCloudInit);
@ -745,7 +744,7 @@ Ext.define('PVE.qemu.HardwareView', {
text: gettext("VirtIO RNG"), text: gettext("VirtIO RNG"),
itemId: 'addRng', itemId: 'addRng',
iconCls: 'pve-itype-icon-die', iconCls: 'pve-itype-icon-die',
disabled: !caps.nodes['Sys.Console'], disabled: !caps.vms['VM.Config.HWType'] && !caps.mapping.hwrng['Mapping.Use'],
handler: editorFactory('RNGEdit'), handler: editorFactory('RNGEdit'),
}, },
], ],