On 09/14/2015 12:50 AM, Peter Lieven wrote: >>>> It would be nice to also add a matching BlockdevOptionsIscsi to >>>> qapi/block-core.json, to allow setting these structured options from >>>> QMP. Separate patch is fine, but we need to do the work for ALL of the >>>> remaining block devices eventually, and now that you are structuring the >>>> command line is a good time to think about it. >>>> >>>>
>>> Passing via command line is evil. It should still be possible to pass >>> all this via a config file to qemu : >>> >> >> I agree passing password with clear text command line is bad, but -readconfig >> doesn't work for qemu-img and qemu-io. Any idea how to make that work? > > you can pass the secrets via environment variables (see libiscsi readme). Environment variables are no more secure than command line parameters - both are visible via ps to other processes, and hence relatively insecure. We need a way to pass secrets over a file descriptor, whether that file descriptor be a config file, or whether it be a pipe. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
