"only root can set 'hostpci1' config for non-mapped devices" in PVE8 despite patches for #3829

[btravouillon]

Looks like the code changed in PVE 8. While custom patch for #3829 are applied, trying to create VMs with a token for root@pam fails with :

    "msg": "creation of qemu VM gpulab2 with vmid 1022 failed with exception=500 Internal Server Error: only root can set 'hostpci1' config for non-mapped devices",

Workaround: update the function below and restart pvedaemon.service on the hosts.

my sub check_hostpci_perm {
    my ($rpcenv, $authuser, $vmid, $pool, $opt, $value) = @_;

    return 1 if (substr($authuser, 0, 8)) eq 'root@pam';

    my $device = PVE::JSONSchema::parse_property_string('pve-qm-hostpci', $value);
    if ($device->{host}) {
        die "only root can set '$opt' config for non-mapped devices\n";
    } elsif ($device->{mapping}) {
        $rpcenv->check_full($authuser, "/mapping/pci/$device->{mapping}", ['Mapping.Use']);
        $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
    } else {
        die "either 'host' or 'mapping' must be set.\n";
    }

    return 1;
}