Eric Blake <ebl...@redhat.com> writes:

> On 03/27/2017 08:26 AM, Markus Armbruster wrote:
>> This reverts commit 60390a2192e7b38aee18db6ce7fb740498709737.
>>
>> The commit's rationale
>>
>>     Currently RBD passwords must be provided on the command line
>>     via
>>
>>       $QEMU -drive file=rbd:pool/image:id=myname:\
>>       key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
>>       auth_supported=cephx
>>
>>     This is insecure because the key is visible in the OS process
>>     listing.
>>
>> is invalid. You can easily avoid passing keys on the command line by
>> using "keyfile" instead of "key". In fact, the Ceph documentation
>> calls use of key "not recommended". But the most common way to
>> provide keys is a keyring. The default keyrings should be just fine
>> for most users. When they aren't, you can configure your own keyrings
>> with "keyring" or override the key with "keyfile".
>>
>> The commit adds parameter password-secret to -drive. Support for it
>> was included in -blockdev, but reverted in the previous commit due to
>> concerns about the QMP interface. Revert it from -drive, too.
>>
>> Cc: Daniel P. Berrange <berra...@redhat.com>
>> Signed-off-by: Markus Armbruster <arm...@redhat.com>
>> ---
>>  block/rbd.c | 47 -----------------------------------------------
>>  1 file changed, 47 deletions(-)
>
> Are we sure this won't be breaking existing libvirt clients?

I somehow misread the date on commit 60390a2. It's actually too late to revert it. We'll have to live with this. I'll drop this patch and rework 11/11.
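
An added example, not part of the original message or of QEMU's code: a check over a process's argument vector that flags `-drive` arguments carrying an inline rbd `key=` option (the exposure the quoted rationale describes) and passes ones that use `keyfile=`. The function names, the sample argument vectors, the key value and the keyfile path are constructed for illustration.

```python
import re

def split_unescaped(s, sep):
    """Split s on sep, honouring backslash escapes as the rbd: filename syntax does."""
    out, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i + 1])  # keep the escaped character literally
            i += 2
        elif s[i] == sep:
            out.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    out.append("".join(cur))
    return out

def inline_rbd_keys(argv):
    """Return [(image, redacted_arg)] for each -drive argument with key= inline."""
    findings = []
    for flag, arg in zip(argv, argv[1:]):
        if flag != "-drive":
            continue
        for field in arg.split(","):  # assumption: no ",,"-escaped commas in the spec
            if not field.startswith("file=rbd:"):
                continue
            image, *opts = split_unescaped(field[len("file=rbd:"):], ":")
            names = [o.partition("=")[0] for o in opts]
            if "key" in names:
                # Redact before reporting so the audit output does not repeat the leak.
                redacted = re.sub(r"(?<![A-Za-z_])key=[^:,]*", "key=<redacted>", arg)
                findings.append((image, redacted))
    return findings

# Constructed sample argument vectors (as read from a process listing).
ARGV_INLINE_KEY = ["qemu-system-x86_64", "-drive",
                   "file=rbd:pool/image:id=myname:key=Q09OU1RSVUNURUQ=:"
                   "auth_supported=cephx,format=raw"]
ARGV_KEYFILE = ["qemu-system-x86_64", "-drive",
                "file=rbd:pool/image:id=myname:keyfile=/etc/ceph/myname.key:"
                "auth_supported=cephx,format=raw"]

if __name__ == "__main__":
    for argv in (ARGV_INLINE_KEY, ARGV_KEYFILE):
        print(inline_rbd_keys(argv))
```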