> On 02 Feb 2016, at 10:40, Yaniv Dary <yd...@redhat.com> wrote: > > I don't think we have a option like this. Michal? > > Yaniv Dary > Technical Product Manager > Red Hat Israel Ltd. > 34 Jerusalem Road > Building A, 4th floor > Ra'anana, Israel 4350109 > > Tel : +972 (9) 7692306 > 8272306 > Email: yd...@redhat.com <mailto:yd...@redhat.com> > IRC : ydary > > On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie <kjzh...@is.ac.cn > <mailto:kjzh...@is.ac.cn>> wrote: > Hello, now I have defined a custom property named 'A' in oVirt Engine. > Administrator is responsible for entering the value (and arbitrary string ) > of 'A' before starting the VM. After an users trys to start the VM in oVirt, > VDSM will add the value of 'A' in the qemu:arg of libvirt domain xml, so that > the value of 'A' will be added into the QEMU Cmd as a param. However, just > like the password of VNC or SPICE, I want to hide the value of 'A' in '*' > format in both Libvirt domain xml and QEMU Cmd, So could you please tell me > how to achieve it? Thank you very much and happy 2016.
No, I don’t think you would be able to make libvirt and qemu to hide it. Unfortunately it would be exposed…for log files you are protected by file access permissions, but if there is anything sensitive on the command line and you have a user who can get a shell on that machine one can always see that in process listing do you perhaps need to pass some secret to a VM? Might be better via payload, it can be accessed in the guest as a file then. Thanks, michal > _______________________________________________ > Devel mailing list > Devel@ovirt.org <mailto:Devel@ovirt.org> > http://lists.ovirt.org/mailman/listinfo/devel > <http://lists.ovirt.org/mailman/listinfo/devel> >
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
