With the last change in the permission check, I accidentally broke the
check for 'spice' host value, since in the if/elsif/else this will fall
through to the else case which was only intended for when neither 'host'
nor 'mapping' was set.
This made 'spice' only settable by root@pam since there we return early.
To fix this, move the spice check into the 'host' branch, but only error
out in case it's not spice.
Fixes: e3971865 (enable cluster mapped USB devices for guests)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
$rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
my $device = PVE::JSONSchema::parse_property_string('pve-qm-usb', $value);
- if ($device->{host} && $device->{host} !~ m/^spice$/i) {
- die "only root can set '$opt' config for real devices\n";
+ if ($device->{host}) {
+ if ($device->{host} =~ m/^spice$/i) {
+ # already checked generic permission above
+ } else {
+ die "only root can set '$opt' config for real devices\n";
+ }
} elsif ($device->{mapping}) {
$rpcenv->check_full($authuser, "/mapping/usb/$device->{mapping}", ['Mapping.Use']);
} else {