> On 03 Feb 2016, at 06:36, zhukaijie <kjzh...@is.ac.cn> wrote:
> ________________________________________
> 发件人: Michal Skrivanek [mskri...@redhat.com]
> 发送时间: 2016年2月2日 17:55
> 收件人: zhukaijie
> 抄送: de...@ovirt.org
> 主题: Re: [ovirt-devel] Hello and A Question about oVirt
> On 02 Feb 2016, at 10:40, Yaniv Dary 
> <yd...@redhat.com<mailto:yd...@redhat.com>> wrote:
> I don't think we have a option like this. Michal?
> Yaniv Dary
> Technical Product Manager
> Red Hat Israel Ltd.
> 34 Jerusalem Road
> Building A, 4th floor
> Ra'anana, Israel 4350109
> Tel : +972 (9) 7692306
>        8272306
> Email: yd...@redhat.com<mailto:yd...@redhat.com>
> IRC : ydary
> On Mon, Feb 1, 2016 at 5:16 AM, zhukaijie 
> <kjzh...@is.ac.cn<mailto:kjzh...@is.ac.cn>> wrote:
> Hello, now I have defined a custom property named 'A' in oVirt Engine. 
> Administrator is responsible for entering the value (and arbitrary string ) 
> of 'A' before starting the VM. After an users trys to start the VM in oVirt, 
> VDSM will add the value of 'A' in the qemu:arg of libvirt domain xml, so that 
> the value of 'A' will be added into the QEMU Cmd as a param. However, just 
> like the password of VNC or SPICE, I want to hide the value of 'A' in '*' 
> format in both Libvirt domain xml and QEMU Cmd, So could you please tell me 
> how to achieve it? Thank you very much and happy 2016.
> No, I don’t think you would be able to make libvirt and qemu to hide it. 
> Unfortunately it would be exposed…for log files you are protected by file 
> access permissions, but if there is anything sensitive on the command line 
> and you have a user who can get a shell on that machine one can always see 
> that in process listing
> do you perhaps need to pass some secret to a VM? Might be better via payload, 
> it can be accessed in the guest as a file then.
> Thanks,
> michal
> _______________________________________________
> Devel mailing list
> de...@ovirt.org<mailto:de...@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/devel
> Thank you. But there is still a doubt for me. In vdsm/graphics.py, function 
> _setPasswd uses "*****" format to hide the true password of VNC and SPICE if 
> disableticketing feature is not used. So later how can Libvirt translates the 
> "*****" format into true password? Thank you.

for password field it’s an exception and it’s explicitly logged with *. of 
course the proper secret password is supplied to libvirt. 
But as a generic field elsewhere …they are not getting hidden….all the 
parameters would look like ***** which is not helpful:)

Users mailing list

Reply via email to