On Wed, Jun 16, 2010 at 03:33:14PM +0200, Kevin Wolf wrote:
> Am 15.06.2010 18:44, schrieb Anthony Liguori:
> > On 06/15/2010 11:30 AM, Anthony Liguori wrote:
> >> block_passwd
> >> ------------
> >>
> >
> > I dislike abbreviations. I also think that we should make commands
> > verbs. So I'd like to change the name to set_block_password and then we
> > can alias block_passwd to that command if we need to.
>
> Actually, I think this command should be removed and passwords should
> always be set as a blkdevice_add parameter when attaching an image.
That doesn't work for people adding devices on the command line though,
because you don't want the password exposed in ARGV. It could be useful
to separate the passwords from the device config, both here and wrt to
VNC (and SPICE in future) instead set them by reference.
eg, register two named secrets with associated keys
add_secret secret1 123456
add_secret secret2 123456
Then you can reference that secret in all the devices added
blockdev_add file=foo.qcow1,password=secret1
blockdev_add file=foo.qcow2,password=secret2
blockdev_add file=foo.qcow3,password=secret1
graphics_add type=vnc,password=secret1
On the command line the user could easily specify a config file with
the named secrets
#cat > secrets.cfg <<EOF
secret1 = 123465
secret2 = abcd
EOF
qemu -secrets secrets.cfg -blockdev file=foo.qcow1,password=secret1
It also means that if management apps are logging all monitor commands
for purposes of debugging, or bug reporting, they don't have to worry
so much about exposing their password. just blacklist the 'add_secret'
command from logging and still get the full device configs logged with
the important details.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
