mirror of
https://git.proxmox.com/git/qemu-server
synced 2025-08-03 04:26:09 +00:00
allow non root users to add spice usb port
using the same logic like serialX: socket users need VM.Config.HWType for usbX: spice but only root can add/remove real devices Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
parent
e30f75c571
commit
165be267eb
@ -310,8 +310,8 @@ my $check_vm_modify_config_perm = sub {
|
||||
# some checks need to be done somewhere else
|
||||
next if PVE::QemuServer::is_valid_drivename($opt);
|
||||
next if $opt eq 'cdrom';
|
||||
next if $opt =~ m/^unused\d+$/;
|
||||
next if $opt =~ m/^serial\d+$/;
|
||||
next if $opt =~ m/^(?:unused|serial|usb)\d+$/;
|
||||
|
||||
|
||||
if ($cpuoptions->{$opt} || $opt =~ m/^numa\d+$/) {
|
||||
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
|
||||
@ -332,7 +332,7 @@ my $check_vm_modify_config_perm = sub {
|
||||
} elsif ($cloudinitoptions->{$opt} || ($opt =~ m/^(?:net|ipconfig)\d+$/)) {
|
||||
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
|
||||
} else {
|
||||
# catches usb\d+, hostpci\d+, args, lock, etc.
|
||||
# catches hostpci\d+, args, lock, etc.
|
||||
# new options will be checked here
|
||||
die "only root can set '$opt' config\n";
|
||||
}
|
||||
@ -1199,6 +1199,14 @@ my $update_vm_api = sub {
|
||||
}
|
||||
PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
|
||||
PVE::QemuConfig->write_config($vmid, $conf);
|
||||
} elsif ($opt =~ m/^usb\d+$/) {
|
||||
if ($conf->{$opt} =~ m/spice/) {
|
||||
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
|
||||
} elsif ($authuser ne 'root@pam') {
|
||||
die "only root can delete '$opt' config for real devices\n";
|
||||
}
|
||||
PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
|
||||
PVE::QemuConfig->write_config($vmid, $conf);
|
||||
} else {
|
||||
PVE::QemuServer::vmconfig_delete_pending_option($conf, $opt, $force);
|
||||
PVE::QemuConfig->write_config($vmid, $conf);
|
||||
@ -1231,6 +1239,13 @@ my $update_vm_api = sub {
|
||||
die "only root can modify '$opt' config for real devices\n";
|
||||
}
|
||||
$conf->{pending}->{$opt} = $param->{$opt};
|
||||
} elsif ($opt =~ m/^usb\d+/) {
|
||||
if ((!defined($conf->{$opt}) || $conf->{$opt} =~ m/spice/) && $param->{$opt} =~ m/spice/) {
|
||||
$rpcenv->check_vm_perm($authuser, $vmid, undef, ['VM.Config.HWType']);
|
||||
} elsif ($authuser ne 'root@pam') {
|
||||
die "only root can modify '$opt' config for real devices\n";
|
||||
}
|
||||
$conf->{pending}->{$opt} = $param->{$opt};
|
||||
} else {
|
||||
$conf->{pending}->{$opt} = $param->{$opt};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user