qemu-devel
Re: [Qemu-devel] [PATCH] iSCSI: add configuration variables for iSCSI


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH] iSCSI: add configuration variables for iSCSI
Date: Wed, 25 Jan 2012 08:57:35 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0

On 01/24/2012 11:47 PM, ronnie sahlberg wrote:
> Read from an arbitrary file descriptor inherited from the parent process:
> 9<iscsi.conf ./x86_64-softmmu/qemu-system-x86_64 -enable-kvm -display
> vnc=127.0.0.1:0 -drive file=iscsi://127.0.0.1/iqn.ronnie.test/1
> -readconfig /proc/self/fd/9

That requires the existence of procfs, which is not portable (although
it does work on Linux).  I'd rather see:

-readconfig fd:9

which matches things for -incoming; that is, if -readconfig starts with
'/' or '.', it is a filename; otherwise, it is a protocol:value
designation, where we recognize at least the fd: protocol where a value
is the incoming fd, but we could also recognize things like exec:
protocol which is an arbitrary command to use via popen.

> I imagine you would pipe() then fork() and pass the read side of your
> pipe to qemu here?

Yes, the idea is that libvirt would rather pipe() and then pass the read
side fd to qemu, so that libvirt's handling of the decrypted secret
information is only ever passed over the pipe and not stored on disk.

> If this works well or at least in some acceptable form it might be
> useful for other users needing to pass sensitive config data into QEMU
> too?

Yes, the fd: notation of -incoming should be reusable in multiple
contexts, including any other location where sensitive information must
be passed in.

-- 
Eric Blake   address@hidden    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
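
Added example (not part of the original message, and not QEMU or libvirt code): a C sketch of the pipe()/fork() hand-off discussed above, with the reader resolving its source using the '/' or '.' versus protocol:value rule proposed for -readconfig. The function names and the sample config line are hypothetical, and the forked child only stands in for qemu.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample config; not a real secret or the patch's format. */
static const char SAMPLE[] = "password = constructed-secret\n";

/* Rule from the message: leading '/' or '.' means a filename, anything else
 * is protocol:value. Only fd: is handled. Returns an open fd, or -1. */
int open_config_spec(const char *spec)
{
    if (spec[0] == '/' || spec[0] == '.')
        return open(spec, O_RDONLY);
    if (strncmp(spec, "fd:", 3) == 0) {
        char *end;
        long fd = strtol(spec + 3, &end, 10);
        if (end == spec + 3 || *end != '\0' || fd < 0 || fd != (int)fd)
            return -1;                   /* not a plain non-negative number */
        return fcntl((int)fd, F_GETFD) == -1 ? -1 : (int)fd; /* must be open */
    }
    return -1; /* exec: and other protocols are not implemented here */
}

/* Parent (the libvirt role) writes the config into a pipe; the forked child
 * (standing in for qemu) reads it via an fd: spec. Returns 1 on a match. */
int handoff_over_pipe(const char *config)
{
    int p[2], status = -1;
    if (pipe(p) == -1) return 0;
    pid_t pid = fork();
    if (pid == -1) { close(p[0]); close(p[1]); return 0; }
    if (pid == 0) {
        char spec[32], buf[256];
        ssize_t n, total = 0;
        close(p[1]);                     /* otherwise read() never sees EOF */
        snprintf(spec, sizeof spec, "fd:%d", p[0]);
        int fd = open_config_spec(spec);
        while (fd >= 0 && total < 255 && (n = read(fd, buf + total, 255 - total)) > 0)
            total += n;
        buf[total] = '\0';
        _exit(fd >= 0 && strcmp(buf, config) == 0 ? 0 : 1);
    }
    close(p[0]);                         /* parent keeps only the write side */
    size_t len = strlen(config);
    int ok = write(p[1], config, len) == (ssize_t)len;
    close(p[1]);                         /* EOF tells the child the config is complete */
    waitpid(pid, &status, 0);
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

When the child is a real exec'd program rather than a fork, the write side should be closed or marked FD_CLOEXEC before exec so that only the read side is inherited.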
