qemu-devel.nongnu.org archive mirror
From: "Daniel P. Berrange" <berrange@redhat.com>
To: Kevin Wolf <kwolf@redhat.com>
Cc: Luiz Capitulino <lcapitulino@redhat.com>,
	Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>,
	Markus Armbruster <armbru@redhat.com>,
	qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [CFR 2/10] qmp: block_passwd command
Date: Wed, 16 Jun 2010 14:57:09 +0100
Message-ID: <20100616135709.GP13996@redhat.com>
In-Reply-To: <4C18D29A.4040601@redhat.com>

On Wed, Jun 16, 2010 at 03:33:14PM +0200, Kevin Wolf wrote:
> On 15.06.2010 18:44, Anthony Liguori wrote:
> > On 06/15/2010 11:30 AM, Anthony Liguori wrote:
> >> block_passwd
> >> ------------
> >>    
> > 
> > I dislike abbreviations.  I also think that we should make commands 
> > verbs.  So I'd like to change the name to set_block_password and then we 
> > can alias block_passwd to that command if we need to.
> 
> Actually, I think this command should be removed and passwords should
> always be set as a blkdevice_add parameter when attaching an image.

That doesn't work for people adding devices on the command line though,
because you don't want the password exposed in ARGV. It could be useful
to separate the passwords from the device config, both here and wrt
VNC (and SPICE in future), and instead set them by reference.

e.g., register two named secrets with associated keys

    add_secret secret1 123456
    add_secret secret2 123456

Then you can reference that secret in all the devices added

    blockdev_add  file=foo.qcow1,password=secret1
    blockdev_add  file=foo.qcow2,password=secret2
    blockdev_add  file=foo.qcow3,password=secret1
    graphics_add  type=vnc,password=secret1

On the command line the user could easily specify a config file with
the named secrets

   #cat > secrets.cfg <<EOF
   secret1 = 123465
   secret2 = abcd
   EOF
   qemu -secrets secrets.cfg  -blockdev file=foo.qcow1,password=secret1


It also means that if management apps are logging all monitor commands
for purposes of debugging, or bug reporting, they don't have to worry
so much about exposing their password. Just blacklist the 'add_secret'
command from logging and still get the full device configs logged with
the important details.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
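
The scheme proposed in the message above, as an added example that is not part of the original post or of QEMU: it parses the sketched secrets.cfg layout, resolves password=<name> references at the point of use, and keeps add_secret out of a monitor command log. The add_secret command and the file layout are the message's proposal; the function and class names are hypothetical.

```python
import io
import logging

# Constructed sample in the secrets.cfg layout sketched in the message.
SECRETS_CFG = "secret1 = 123465\nsecret2 = abcd\n"

def parse_secrets(text):
    """Parse 'name = value' lines; reject malformed lines and duplicate names."""
    secrets = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        name, sep, value = (part.strip() for part in line.partition("="))
        if not line.strip():
            continue
        if not sep or not name or not value:
            raise ValueError(f"line {lineno}: expected 'name = value'")
        if name in secrets:
            raise ValueError(f"line {lineno}: duplicate secret {name!r}")
        secrets[name] = value
    return secrets

def resolve_password(options, secrets):
    """Expand 'file=foo,password=secret1' into a dict holding the real password.
    An unknown reference is an error, never treated as a literal password."""
    opts = dict(kv.split("=", 1) for kv in options.split(","))
    if "password" in opts:
        ref = opts["password"]
        if ref not in secrets:
            raise KeyError(f"unknown secret reference {ref!r}")
        opts["password"] = secrets[ref]
    return opts

class DropSecretCommands(logging.Filter):
    """Blacklist add_secret from the monitor log; all other commands pass."""
    def filter(self, record):
        return not record.getMessage().lstrip().startswith("add_secret ")

def log_monitor_session(commands):
    """Log each command through the filter and return the captured text."""
    buf = io.StringIO()
    log = logging.Logger("monitor", level=logging.INFO)  # standalone logger
    handler = logging.StreamHandler(buf)
    handler.addFilter(DropSecretCommands())
    log.addHandler(handler)
    for cmd in commands:
        log.info(cmd)
    return buf.getvalue()
```

The logged device lines carry only the reference name, so the log stays useful for debugging while the secret value appears nowhere in it.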
