Re: [ovirt-users] [ovirt-devel] Hello and A Question about oVirt

On 03 Feb 2016, at 06:36, zhukaijie <kjzhu14(a)is.ac.cn&gt; wrote: ________________________________________ 发件人: Michal Skrivanek [mskrivan(a)redhat.com] 发送时间: 2016年2月2日 17:55 收件人: zhukaijie 抄送: devel(a)ovirt.org 主题: Re: [ovirt-devel] Hello and A Question about oVirt On 02 Feb 2016, at 10:40, Yaniv Dary <ydary@redhat.com<mailto:ydary@redhat.com>> wrote: I don't think we have a option like this. Michal? Yaniv Dary Technical Product Manager Red Hat Israel Ltd. 34 Jerusalem Road Building A, 4th floor Ra'anana, Israel 4350109 Tel : +972 (9) 7692306 8272306 Email: ydary@redhat.com<mailto:ydary@redhat.com> IRC : ydary On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie <kjzhu14@is.ac.cn<mailto:kjzhu14@is.ac.cn>> wrote: Hello, now I have defined a custom property named 'A' in oVirt Engine. Administrator is responsible for entering the value (and arbitrary string ) of 'A' before starting the VM. After an users trys to start the VM in oVirt, VDSM will add the value of 'A' in the qemu:arg of libvirt domain xml, so that the value of 'A' will be added into the QEMU Cmd as a param. However, just like the password of VNC or SPICE, I want to hide the value of 'A' in '*' format in both Libvirt domain xml and QEMU Cmd, So could you please tell me how to achieve it? Thank you very much and happy 2016. No, I don’t think you would be able to make libvirt and qemu to hide it. Unfortunately it would be exposed…for log files you are protected by file access permissions, but if there is anything sensitive on the command line and you have a user who can get a shell on that machine one can always see that in process listing do you perhaps need to pass some secret to a VM? Might be better via payload, it can be accessed in the guest as a file then. Thanks, michal _______________________________________________ Devel mailing list Devel@ovirt.org<mailto:Devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/devel Thank you. But there is still a doubt for me. In vdsm/graphics.py, function _setPasswd uses "*****" format to hide the true password of VNC and SPICE if disableticketing feature is not used. So later how can Libvirt translates the "*****" format into true password? Thank you.