On Wed, Mar 23, 2016 at 08:36:30AM -0400, John Ferlan wrote:
>
>
> On 03/22/2016 10:08 AM, Daniel P. Berrange wrote:
> > On Mon, Mar 21, 2016 at 02:29:00PM -0400, John Ferlan wrote:
> >> Add a masterKey to _qemuDomainObjPrivate to store a base64 encoded domain
> >> master key in order to support the ability to encrypt/decrypt sensitive
> >> data shared between libvirt and qemu. The base64 encoded value will be
> >> written to the domain XML file for consistency between domain restarts.
> >
> > Ohh, no, we don't want the master key to ever appear in any XML file,
> > because that in turn leads to compromise of user data when reporting
> > bugs. For example if the user provides the CLI args + runtime XML
> > then you can decrypt their passwords from the CLI args. The master
> > key must only ever be in its own file, which minimises the chance of
> > the user ever uploading the master key for their VM with bug reports.
> >
>
> OK - well that simplifies certain things; however, I would think that
> means on libvirtd restart we would then have to read the master key file
> in order to repopulate the priv->masterKey, right?

Yes, that's correct.

> >> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > >> index 9f9fae3..507ae9e 100644 > >> --- a/src/qemu/qemu_domain.c > >> +++ b/src/qemu/qemu_domain.c 
> >> @@ -23,6 +23,7 @@ > >> > >> #include <config.h> > >> > >> +#include <assert.h>
> >
> > We have a general rule that libvirt should never assert() in its
> > code, so don't add this. Errors should always propagate back
> > to a virErrorPtr.
> >
> >
>
> OK - although it is used today in virsh/vsh and remote_driver...

Using it in virsh is ok as that's a client app. We shouldn't use it in
the remote_driver though - I'd not noticed that actually.

Regards,
Daniel
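
Review bot: the added `#include <assert.h>` at the top of src/qemu/qemu_domain.c brings assert() into this file, and a failed assert() aborts the calling process instead of returning an error to the caller. Drop the include and report whatever condition it was meant to guard through the normal error return, so the failure propagates to a virErrorPtr as the reply above asks.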