From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH RFC v3 for-2.9 10/11] Revert "rbd: add support for getting password from QCryptoSecret object"
Date: Mon, 27 Mar 2017 20:36:37 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Eric Blake <address@hidden> writes:

> On 03/27/2017 08:26 AM, Markus Armbruster wrote:
>> This reverts commit 60390a2192e7b38aee18db6ce7fb740498709737.
>> 
>> The commit's rationale
>> 
>>     Currently RBD passwords must be provided on the command line
>>     via
>> 
>>       $QEMU -drive file=rbd:pool/image:id=myname:\
>>                    key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
>>                    auth_supported=cephx
>> 
>>     This is insecure because the key is visible in the OS process
>>     listing.
>> 
>> is invalid.  You can easily avoid passing keys on the command line by
>> using "keyfile" instead of "key".  In fact, the Ceph documentation
>> calls use of key "not recommended".  But the most common way to
>> provide keys is a keyring.  The default keyrings should be just fine
>> for most users.  When they aren't, you can configure your own keyrings
>> with "keyring" or override the key with "keyfile".
>> 
>> The commit adds parameter password-secret to -drive.  Support for it
>> was included in -blockdev, but reverted in the previous commit due to
>> concerns about the QMP interface.  Revert it from -drive, too.
>> 
>> Cc: Daniel P. Berrange <address@hidden>
>> Signed-off-by: Markus Armbruster <address@hidden>
>> ---
>>  block/rbd.c | 47 -----------------------------------------------
>>  1 file changed, 47 deletions(-)
>
> Are we sure this won't be breaking existing libvirt clients?

I somehow misread the date on commit 60390a2.  It's actually too late to
revert it.  We'll have to live with this.  I'll drop this patch and
rework 11/11.
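
The commit message above contrasts passing the cephx key inline (`key=`, visible in the process listing) with pointing at a file (`keyfile=`). The script below is an added example, not code from this thread, from QEMU or from Ceph: it builds both forms of the `-drive` spec, creates the keyfile with owner-only permissions, and provides a small audit helper that scans a command line (one row of `ps -eo args=`) for an inline rbd key. The pool, image, client id, key value and paths are constructed for the example; only the `rbd:` spec syntax and the `key`/`keyfile`/`keyring` option names come from the page.

```shell
#!/bin/sh
# Added example (not from the qemu-devel thread, QEMU or Ceph).
# Contrasts key= (key lands in argv, readable via ps by any local user)
# with keyfile= (only a path lands in argv) and adds an audit helper.

POOL=pool        # constructed sample values
IMAGE=image
CLIENT=myname
# Constructed sample key; real cephx keys are base64 strings of this shape.
SAMPLE_KEY='QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE='

# Insecure form: the key itself becomes part of the QEMU argv.
# $1 = key
insecure_drive_arg() {
    printf 'file=rbd:%s/%s:id=%s:key=%s:auth_supported=cephx' \
        "$POOL" "$IMAGE" "$CLIENT" "$1"
}

# Recommended form: put the key in a file and reference its path.
# $1 = key, $2 = path of the keyfile to create.
# The subshell keeps the restrictive umask from leaking into the caller;
# the file is created mode 0600. It must be readable by the user QEMU
# actually runs as (e.g. the libvirt qemu user), not just by root.
write_keyfile() {
    ( umask 077; printf '%s\n' "$1" > "$2" )
}

# $1 = keyfile path
keyfile_drive_arg() {
    printf 'file=rbd:%s/%s:id=%s:keyfile=%s:auth_supported=cephx' \
        "$POOL" "$IMAGE" "$CLIENT" "$1"
}

# Audit helper: does a command line carry an inline rbd key?
# Matches ":key=" or ",key=" inside an rbd: spec; "keyfile=" and
# "keyring=" do not match because "key" is not followed by "=" there.
# Returns 0 (true) when a key is exposed, 1 otherwise.
# $1 = one command line, e.g. a row of `ps -eo args=`
cmdline_exposes_key() {
    printf '%s\n' "$1" | grep -Eq 'rbd:[^ ]*[:,]key=[^:, ]+'
}

# Walk the process table and report QEMU processes leaking a key via argv.
find_leaking_qemu() {
    ps -eo args= | grep -E '(^|/| )qemu' | while IFS= read -r line; do
        if cmdline_exposes_key "$line"; then
            printf 'key exposed in argv: %s\n' "$line"
        fi
    done
}
```

Run `find_leaking_qemu` on a host to spot guests that were started with `key=`; the fix is to restart them with `keyfile=` (or a `keyring` entry) and to rotate the exposed key, since anything that could read `/proc` or `ps` output may already have it.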
