Re: [PATCH 1/1] secret: Inhibit shutdown for ephemeral secrets

On Tue, Dec 20, 2022 at 09:27:11AM +0100, Michal Privoznik wrote:
> Our secret driver divides secrets into two groups: ephemeral
> (stored only in memory) and persistent (stored on disk). Now, the
> aim of ephemeral secrets is to define them shortly before being
> used and then undefine them. But 'shortly before being used' is a
> very vague time frame. And since we default to socket activation
> and thus pass '--timeout 120' to every daemon, it may happen that
> a just-defined ephemeral secret is gone along with the virtsecretd.
> 
> This is no problem for persistent secrets as their definition
> (and value) is restored when the virtsecretd starts again, but
> ephemeral secrets can't be restored.
> 
> Therefore, we could view ephemeral secrets as active objects that
> the daemon manages and thus inhibit automatic shutdown (just like
> hypervisor daemons do when a guest is running).
> 
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
>  src/secret/secret_driver.c | 35 +++++++++++++++++++++++++++++++++--
>  1 file changed, 33 insertions(+), 2 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



