[ovirt-devel] Hello and A Question about oVirt

[Michal Skrivanek]

> On 02 Feb 2016, at 10:40, Yaniv Dary <ydary at redhat.com> wrote:
> 
> I don't think we have a option like this. Michal?
> 
> Yaniv Dary
> Technical Product Manager
> Red Hat Israel Ltd.
> 34 Jerusalem Road
> Building A, 4th floor
> Ra'anana, Israel 4350109
> 
> Tel : +972 (9) 7692306
>         8272306
> Email: ydary at redhat.com <mailto:ydary at redhat.com>
> IRC : ydary
> 
> On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie <kjzhu14 at is.ac.cn <mailto:kjzhu14 at is.ac.cn>> wrote:
> Hello, now I have defined a custom property named 'A' in oVirt Engine. Administrator is responsible for entering the value (and arbitrary string ) of 'A' before starting the VM. After an users trys to start the VM in oVirt, VDSM will add the value of 'A' in the qemu:arg of libvirt domain xml, so that the value of 'A' will be added into the QEMU Cmd as a param. However, just like the password of VNC or SPICE, I want to hide the value of 'A' in '*' format in both Libvirt domain xml and QEMU Cmd, So could you please tell me how to achieve it? Thank you very much and happy 2016.

No, I don’t think you would be able to make libvirt and qemu to hide it. Unfortunately it would be exposed…for log files you are protected by file access permissions, but if there is anything sensitive on the command line and you have a user who can get a shell on that machine one can always see that in process listing

do you perhaps need to pass some secret to a VM? Might be better via payload, it can be accessed in the guest as a file then.

Thanks,
michal

> _______________________________________________
> Devel mailing list
> Devel at ovirt.org <mailto:Devel at ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/devel <http://lists.ovirt.org/mailman/listinfo/devel>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20160202/67f3583c/attachment-0001.html>