Currently, as an unprivileged user with role PVEVMUser the GUI breaks
with an error after navigating to a VM's hardware tab. The reason is
that the frontend checks the GUI capabilities via accessing
`caps.mapping.hwrng`, but `caps.mapping` does not actually have a
property called `hwrng`.
The reason this does not trigger for more privileged users is that all
expressions involving `caps.mapping.hwrng` are short-circuited if the
user has privilege `VM.Config.HWType`, so `caps.mapping.hwrng` is
never evaluated.
Fixes: a47a8afb ("ui: let non-root users configure VirtIO RNG devices")
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Link: https://lore.proxmox.com/20250408163856.116576-1-f.weber@proxmox.com
[TL: typos in commit message]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Allow non-root users with the VM.Config.HWType privilege to configure
/dev/urandom & /dev/random as an entropy source for a VirtIO RNG device.
Users with the Mapping.Use privilege on the /mapping/hwrng ACL path may
also configure /dev/hwrng as an entropy source.
Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
Previously, the "Add -> TPM State" menu item in the GUI was disabled
if the user did not have Sys.Console privileges. This deviated from
the permission check in the backend, which does not require
Sys.Console but (among others) VM.Config.Disk.
Fix this inconsistency by checking for VM.Config.Disk in the frontend
instead of Sys.Console.
Reported in enterprise support.
Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
The backend uses a 10 minute timeout for disk hot-unplug, so avoid
using the synchronous call which only has a 30 second timeout.
Commit 3b2e557f ("close #584: ui qemu: changed remove unused disk to
asynchron call") introduced the necessary functionality when removing
unused disks.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Avoids spawning a progress window for tasks that do complete more
quickly than the background delay.
Currently, the remove task is only asynchronous (i.e. using POST) when
it's for an unused disk, but this might change in the future (e.g. for
hot-unplug).
When adding a disk, a background delay of 5 seconds is already used.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
qemu/HardwareView:
with the new Hardware privileges, we want to adapt a few places where
we now allow to show the add/edit window with those permissions.
form/{PCI,USB}Selector:
increase the minHeight property of the PCI/USBSelector, so that
the user can see the error message if he has not enough permissions.
data/PermPathStore:
add '/hardware' to the list of acl paths
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Checking for only Sys.Console prevents users who actually have the
correct permissions (VM.Config.CDROM, VM.Config.Cloudinit) from adding
a new cloud-init drive. Some checks needed to be adapted so that editing
cloud-init devices was possible with VM.Config.CDROM instead of
VM.Config.Disk.
Signed-off-by: Leo Nunner <l.nunner@proxmox.com>
so that the default value and limits actually correspond to what will
be used. Defaults to values for cgroup v2, because that is the more
common scenario.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
in the backend, we allow up to 14 usb ports, but only if the vm can
use the qemu-xhci controller which is only possible since machine
version 7.1 and if the ostype is l26 or windows > 7
for this we introduce two helpers:
* qemu_min_version: modeled after the signature of 'min_version' from
qemu-server, expects two arrays of versions and returns true if
the first parameter is equal or greater than the second version
* get_max_usb_count looks at the given ostype and machine string
and returns the proper maximum number
since we don't currently have the actual running version of the vm in
the gui, this is only a heuristic for running vms. but since the actual
running version could only be lower if none is set (e.g. for
migrated/long-running vms) we allow more in the gui and the backend will
do the proper thing (either hotplug it, or make it a pending change)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
For the new HDReassign component, we follow the approach of HDMove to
have one componend for qemu and lxc.
To avoid button clutter, a new "Disk/Volume action" button is
introduced. It holds the Move, Reassign and Resize buttons in a
sub-menu.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-by: Fabian Ebner <f.ebner@proxmox.com>
drop only partially used intermediate value, use template strings,
reduce line bloat while trying to keep it readable.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Inspired by HDEfi for efidisks. Extends the DiskStorageSelector to allow
hiding the format, since tpmstate can only be stored in 'raw' format
(even on directory storages).
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
The default is not just "i440fx", this hides the fact that the version
will be pinned to 5.1, unless one deliberately opens the editor.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
There are several types of drives that use the same config keys. Most
notably CDRom and regular VM disks (EFI and cloudinit exist as well).
Since there is a dedicated permission for CDRom drives we need to check
permissions in more detail, depending on what type of drive it actually
is for things like the edit, remove and Add -> CDRom buttons.
The permission check in the row definition itself which only checked for
'VM.Config.Disk' permissions (never_delete) had to be removed and finer
grained checks added for the individual buttons. This also meant a bit
of reshuffling in the checks what kind of disk the current one is.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
By removing global vars 'i' and 'confid' and declaring them with let in the needed
context.
'i' wasn't necessary but had to be touched anyway.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
Make sure that the `Add EFI Disk` button is disabled if the user does
not have the needed permissions.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
