> On 03 Feb 2016, at 06:36, zhukaijie <kjzh...@is.ac.cn> wrote: > > > ________________________________________ > 发件人: Michal Skrivanek [mskri...@redhat.com] > 发送时间: 2016年2月2日 17:55 > 收件人: zhukaijie > 抄送: de...@ovirt.org > 主题: Re: [ovirt-devel] Hello and A Question about oVirt > > On 02 Feb 2016, at 10:40, Yaniv Dary > <yd...@redhat.com<mailto:yd...@redhat.com>> wrote: > > I don't think we have a option like this. Michal? > > > Yaniv Dary > Technical Product Manager > Red Hat Israel Ltd. > 34 Jerusalem Road > Building A, 4th floor > Ra'anana, Israel 4350109 > > Tel : +972 (9) 7692306 > 8272306 > Email: yd...@redhat.com<mailto:yd...@redhat.com> > IRC : ydary > > On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie > <kjzh...@is.ac.cn<mailto:kjzh...@is.ac.cn>> wrote: > Hello, now I have defined a custom property named 'A' in oVirt Engine. > Administrator is responsible for entering the value (and arbitrary string ) > of 'A' before starting the VM. After an users trys to start the VM in oVirt, > VDSM will add the value of 'A' in the qemu:arg of libvirt domain xml, so that > the value of 'A' will be added into the QEMU Cmd as a param. However, just > like the password of VNC or SPICE, I want to hide the value of 'A' in '*' > format in both Libvirt domain xml and QEMU Cmd, So could you please tell me > how to achieve it? Thank you very much and happy 2016. > > No, I don’t think you would be able to make libvirt and qemu to hide it. > Unfortunately it would be exposed…for log files you are protected by file > access permissions, but if there is anything sensitive on the command line > and you have a user who can get a shell on that machine one can always see > that in process listing > > do you perhaps need to pass some secret to a VM? Might be better via payload, > it can be accessed in the guest as a file then. > > Thanks, > michal > > _______________________________________________ > Devel mailing list > de...@ovirt.org<mailto:de...@ovirt.org> > http://lists.ovirt.org/mailman/listinfo/devel > > Thank you. But there is still a doubt for me. In vdsm/graphics.py, function > _setPasswd uses "*****" format to hide the true password of VNC and SPICE if > disableticketing feature is not used. So later how can Libvirt translates the > "*****" format into true password? Thank you.
for password field it’s an exception and it’s explicitly logged with *. of course the proper secret password is supplied to libvirt. But as a generic field elsewhere …they are not getting hidden….all the parameters would look like ***** which is not helpful:) _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
