12:55 p.m.
--Apple-Mail=_19375BCD-A726-4FD8-9A0F-1BA240197D4D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On 02 Feb 2016, at 10:40, Yaniv Dary <ydary(a)redhat.com> wrote:
=20
I don't think we have a option like this. Michal?
=20
Yaniv Dary
Technical Product Manager
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109
=20
Tel : +972 (9) 7692306
8272306
Email: ydary(a)redhat.com <mailto:ydary@redhat.com>
IRC : ydary
=20
On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie <kjzhu14(a)is.ac.cn =
<mailto:kjzhu14@is.ac.cn>> wrote:
Hello, now I have defined a custom property named 'A' in
oVirt Engine. =
Administrator is responsible for entering the value (and arbitrary
=
string ) of 'A' before starting the VM. After an users trys to start the =
VM in oVirt, VDSM will add the value of 'A' in the qemu:arg of libvirt =
domain xml, so that the value of 'A' will be added into the QEMU Cmd as =
a param. However, just like the password of VNC or SPICE, I want to hide =
the value of 'A' in '*' format in both Libvirt domain xml and QEMU Cmd, =
So could you please tell me how to achieve it? Thank you very much and =
happy 2016.
No, I don=E2=80=99t think you would be able to make libvirt and qemu to =
hide it. Unfortunately it would be exposed=E2=80=A6for log files you are =
protected by file access permissions, but if there is anything sensitive =
on the command line and you have a user who can get a shell on that =
machine one can always see that in process listing
do you perhaps need to pass some secret to a VM? Might be better via =
payload, it can be accessed in the guest as a file then.
Thanks,
michal
_______________________________________________
Devel mailing list
Devel(a)ovirt.org <mailto:Devel@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/devel =
<http://lists.ovirt.org/mailman/listinfo/devel>
=20
--Apple-Mail=_19375BCD-A726-4FD8-9A0F-1BA240197D4D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type"
content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><br class=3D""><div><blockquote
type=3D"cite" class=3D""><div =
class=3D"">On 02 Feb 2016, at 10:40, Yaniv Dary <<a =
href=3D"mailto:ydary@redhat.com"
class=3D"">ydary(a)redhat.com</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div
class=3D""><div =
dir=3D"ltr" class=3D"">I don't think we have a option like
this. =
Michal?</div><div class=3D"gmail_extra"><br
clear=3D"all" class=3D""><div =
class=3D""><div class=3D"gmail_signature"><div
dir=3D"ltr" class=3D""><div=
class=3D""><div dir=3D"ltr" class=3D""><pre
cols=3D"72" class=3D""><span =
style=3D"font-family:arial,helvetica,sans-serif" class=3D"">Yaniv
Dary
Technical Product Manager
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109
Tel : +972 (9) 7692306
8272306
Email: <a href=3D"mailto:ydary@redhat.com" target=3D"_blank" =
class=3D"">ydary(a)redhat.com</a>
IRC : ydary</span></pre>
</div></div></div></div></div>
<br class=3D""><div class=3D"gmail_quote">On Mon, Feb 1,
2016 at 5:16 =
AM, zhukaijie <span dir=3D"ltr" class=3D""><<a =
href=3D"mailto:kjzhu14@is.ac.cn" target=3D"_blank" =
class=3D"">kjzhu14(a)is.ac.cn</a>&gt;</span> wrote:<br =
class=3D""><blockquote class=3D"gmail_quote"
style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello, now I have =
defined a custom property named 'A' in oVirt Engine. Administrator is =
responsible for entering the value (and arbitrary string ) of 'A' before =
starting the VM. After an users trys to start the VM in oVirt, VDSM will =
add the value of 'A' in the qemu:arg of libvirt domain xml, so that the =
value of 'A' will be added into the QEMU Cmd as a param. However, just =
like the password of VNC or SPICE, I want to hide the value of 'A' in =
'*' format in both Libvirt domain xml and QEMU Cmd, So could you please =
tell me how to achieve it? Thank you very much and happy 2016.<br =
class=3D""></blockquote></div></div></div></blockquote><div><br
=
class=3D""></div>No, I don=E2=80=99t think you would be able to make =
libvirt and qemu to hide it. Unfortunately it would be exposed=E2=80=A6for=
log files you are protected by file access permissions, but if there is =
anything sensitive on the command line and you have a user who can get a =
shell on that machine one can always see that in process =
listing</div><div><br class=3D""></div><div>do you
perhaps need to pass =
some secret to a VM? Might be better via payload, it can be accessed in =
the guest as a file then.</div><div><br =
class=3D""></div><div>Thanks,</div><div>michal</div><div><br
=
class=3D""><blockquote type=3D"cite"
class=3D""><div class=3D""><div =
class=3D"gmail_extra"><div
class=3D"gmail_quote"><blockquote =
class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc =
solid;padding-left:1ex">
_______________________________________________<br class=3D"">
Devel mailing list<br class=3D"">
<a href=3D"mailto:Devel@ovirt.org"
class=3D"">Devel(a)ovirt.org</a><br =
class=3D"">
<a href=3D"http://lists.ovirt.org/mailman/listinfo/devel" =
rel=3D"noreferrer" target=3D"_blank" =
class=3D"">http://lists.ovirt.org/mailman/listinfo/devel<... =
class=3D"">
</blockquote></div><br class=3D""></div>
</div></blockquote></div><br
class=3D""></body></html>=
--Apple-Mail=_19375BCD-A726-4FD8-9A0F-1BA240197D4D--