On 02 Feb 2016, at 10:40, Yaniv Dary <ydary@redhat.com> wrote: =20 I don't think we have a option like this. Michal? =20 Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 =20 Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com <mailto:ydary@redhat.com> IRC : ydary =20 On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie <kjzhu14@is.ac.cn = <mailto:kjzhu14@is.ac.cn>> wrote: Hello, now I have defined a custom property named 'A' in oVirt Engine. = Administrator is responsible for entering the value (and arbitrary = string ) of 'A' before starting the VM. After an users trys to start the = VM in oVirt, VDSM will add the value of 'A' in the qemu:arg of libvirt = domain xml, so that the value of 'A' will be added into the QEMU Cmd as = a param. However, just like the password of VNC or SPICE, I want to hide =

--Apple-Mail=_19375BCD-A726-4FD8-9A0F-1BA240197D4D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 the value of 'A' in '*' format in both Libvirt domain xml and QEMU Cmd, = So could you please tell me how to achieve it? Thank you very much and = happy 2016. No, I don=E2=80=99t think you would be able to make libvirt and qemu to = hide it. Unfortunately it would be exposed=E2=80=A6for log files you are = protected by file access permissions, but if there is anything sensitive = on the command line and you have a user who can get a shell on that = machine one can always see that in process listing do you perhaps need to pass some secret to a VM? Might be better via = payload, it can be accessed in the guest as a file then. Thanks, michal

_______________________________________________ Devel mailing list Devel@ovirt.org <mailto:Devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/devel = <http://lists.ovirt.org/mailman/listinfo/devel> =20

--Apple-Mail=_19375BCD-A726-4FD8-9A0F-1BA240197D4D Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div = class=3D"">On 02 Feb 2016, at 10:40, Yaniv Dary <<a = href=3D"mailto:ydary@redhat.com" class=3D"">ydary@redhat.com</a>> = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div = dir=3D"ltr" class=3D"">I don't think we have a option like this. = Michal?</div><div class=3D"gmail_extra"><br clear=3D"all" class=3D""><div = class=3D""><div class=3D"gmail_signature"><div dir=3D"ltr" class=3D""><div= class=3D""><div dir=3D"ltr" class=3D""><pre cols=3D"72" class=3D""><span = style=3D"font-family:arial,helvetica,sans-serif" class=3D"">Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: <a href=3D"mailto:ydary@redhat.com" target=3D"_blank" = class=3D"">ydary@redhat.com</a> IRC : ydary</span></pre> </div></div></div></div></div> <br class=3D""><div class=3D"gmail_quote">On Mon, Feb 1, 2016 at 5:16 = AM, zhukaijie <span dir=3D"ltr" class=3D""><<a = href=3D"mailto:kjzhu14@is.ac.cn" target=3D"_blank" = class=3D"">kjzhu14@is.ac.cn</a>></span> wrote:<br = class=3D""><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 = .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello, now I have = defined a custom property named 'A' in oVirt Engine. Administrator is = responsible for entering the value (and arbitrary string ) of 'A' before = starting the VM. After an users trys to start the VM in oVirt, VDSM will = add the value of 'A' in the qemu:arg of libvirt domain xml, so that the = value of 'A' will be added into the QEMU Cmd as a param. However, just = like the password of VNC or SPICE, I want to hide the value of 'A' in = '*' format in both Libvirt domain xml and QEMU Cmd, So could you please = tell me how to achieve it? Thank you very much and happy 2016.<br = class=3D""></blockquote></div></div></div></blockquote><div><br = class=3D""></div>No, I don=E2=80=99t think you would be able to make = libvirt and qemu to hide it. Unfortunately it would be exposed=E2=80=A6for= log files you are protected by file access permissions, but if there is = anything sensitive on the command line and you have a user who can get a = shell on that machine one can always see that in process = listing</div><div><br class=3D""></div><div>do you perhaps need to pass = some secret to a VM? Might be better via payload, it can be accessed in = the guest as a file then.</div><div><br = class=3D""></div><div>Thanks,</div><div>michal</div><div><br = class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div = class=3D"gmail_extra"><div class=3D"gmail_quote"><blockquote = class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc = solid;padding-left:1ex"> _______________________________________________<br class=3D""> Devel mailing list<br class=3D""> <a href=3D"mailto:Devel@ovirt.org" class=3D"">Devel@ovirt.org</a><br = class=3D""> <a href=3D"http://lists.ovirt.org/mailman/listinfo/devel" = rel=3D"noreferrer" target=3D"_blank" = class=3D"">http://lists.ovirt.org/mailman/listinfo/devel</a><br = class=3D""> </blockquote></div><br class=3D""></div> </div></blockquote></div><br class=3D""></body></html>= --Apple-Mail=_19375BCD-A726-4FD8-9A0F-1BA240197D4D--