From: ronnie sahlberg
To: Eric Blake
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Date: Thu, 26 Jan 2012 09:17:43 +1100
Subject: Re: [Qemu-devel] [PATCH] iSCSI: add configuration variables for iSCSI
In-Reply-To: <4F20266F.20409@redhat.com>
References: <1327140203-3165-1-git-send-email-ronniesahlberg@gmail.com> <1327140203-3165-2-git-send-email-ronniesahlberg@gmail.com> <4F1DA1D5.1010600@redhat.com> <4F20266F.20409@redhat.com>

Fair enough.

I will send a separate tiny patch to add 'fd:' support to specify to qemu to -readconfig from a preexisting file descriptor.
Other protocols like 'exec:' can easily be added later as needed.

regards
ronnie sahlberg

On Thu, Jan 26, 2012 at 2:57 AM, Eric Blake wrote:
> On 01/24/2012 11:47 PM, ronnie sahlberg wrote:
>> Read from an arbitrary file descriptor inherited from the parent process :
>> 9> vnc=127.0.0.1:0 -drive file=iscsi://127.0.0.1/iqn.ronnie.test/1
>> -readconfig /proc/self/fd/9
>
> That requires the existence of procfs, which is not portable (although
> it does work on Linux). I'd rather see:
>
> -readconfig fd:9
>
> which matches things for -incoming; that is, if -readconfig starts with
> '/' or '.', it is a filename; otherwise, it is a protocol:value
> designation, where we recognize at least the fd: protocol where a value
> is the incoming fd, but we could also recognize things like exec:
> protocol which is an arbitrary command to use via popen.
>
>> I imagine you would pipe() then fork() and pass the read side of your
>> pipe to qemu here ?
>
> Yes, the idea is that libvirt would rather pipe() and then pass the read
> side fd to qemu, so that libvirt's handling of the decrypted secret
> information is only ever passed over the pipe and not stored on disk.
>
>> If this works well or at least in some acceptable form it might be
>> useful for other users needing to pass sensitive config data into QEMU
>> too?
>
> Yes, the fd: notation of -incoming should be reusable in multiple
> contexts, including any other location where sensitive information must
> be passed in.
>
> --
> Eric Blake   eblake@redhat.com    +1-919-301-3266
> Libvirt virtualization library http://libvirt.org
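The fd: rule Eric proposes ('/' or '.' means a filename, anything else is protocol:value) and the pipe()-then-pass-the-read-end pattern, as an added C example that is not QEMU's or libvirt's code: the parser accepts only the fd: protocol and rejects malformed descriptors, and the pipe function plays both sides in one process so it can be run offline. The function names, the iscsi key names in SAMPLE_CONFIG and the fixed output buffer are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum readconfig_kind { RC_FILE, RC_FD, RC_BAD };
const char *SAMPLE_CONFIG = "[iscsi]\nuser = \"alice\"\npassword = \"sample\"\n"; /* constructed */
/* Rule from the thread: a leading '/' or '.' is a filename, anything else is "protocol:value".
 * Only fd: is handled; "fd:9x" or "fd:-1" are rejected rather than quietly misread. */
enum readconfig_kind classify_readconfig(const char *arg, int *fd_out)
{
    if (arg[0] == '/' || arg[0] == '.') return RC_FILE;
    if (strncmp(arg, "fd:", 3) != 0) return RC_BAD; /* e.g. exec: is not implemented here */
    char *end; errno = 0;
    long v = strtol(arg + 3, &end, 10);
    if (errno || end == arg + 3 || *end != '\0' || v < 0 || v > INT_MAX) return RC_BAD;
    *fd_out = (int)v;
    return RC_FD;
}
/* Read an already-open descriptor to EOF into buf (NUL-terminated); -1 on error or overflow. */
ssize_t read_config_fd(int fd, char *buf, size_t size)
{
    size_t len = 0;
    for (;;) {
        if (len + 1 >= size) return -1;
        ssize_t r = read(fd, buf + len, size - len - 1);
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        if (r == 0) break;
        len += (size_t)r;
    }
    buf[len] = '\0';
    return (ssize_t)len;
}
/* The libvirt-side pattern from the thread: pipe(), write the secret config into the write
 * end, close it, and hand the read end over as "fd:N". Real use inherits the read end across
 * fork()/exec(); here both halves share one process, so the config must fit the pipe buffer. */
ssize_t pass_config_over_pipe(const char *config, char *out, size_t size)
{
    int p[2], fd = -1; char arg[32];
    if (pipe(p) < 0) return -1;
    ssize_t n = write(p[1], config, strlen(config));
    close(p[1]); /* the reader sees EOF once the only writer is gone */
    if (n != (ssize_t)strlen(config)) { close(p[0]); return -1; }
    snprintf(arg, sizeof arg, "fd:%d", p[0]);
    n = classify_readconfig(arg, &fd) == RC_FD ? read_config_fd(fd, out, size) : -1;
    close(p[0]);
    return n;
}
```

Nothing in SAMPLE_CONFIG ever touches the filesystem; the only copy outside the writer's memory is the bytes in the kernel pipe buffer until the reader drains them.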