On Tue, Dec 20, 2022 at 09:27:11AM +0100, Michal Privoznik wrote: > Our secret driver divides secrets into two groups: ephemeral > (stored only in memory) and persistent (stored on disk). Now, the > aim of ephemeral secrets is to define them shortly before being > used and then undefine them. But 'shortly before being used' is a > very vague time frame. And since we default to socket activation > and thus pass '--timeout 120' to every daemon it may happen that > just defined ephemeral secret is gone among with the virtsecretd. > > This is no problem for persistent secrets as their definition > (and value) is restored when the virtsecretd starts again, but > ephemeral secrets can't be restored. > > Therefore, we could view ephemeral secrets as active objects that > the daemon manages and thus inhibit automatic shutdown (just like > hypervisor daemons do when a guest is running). > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/secret/secret_driver.c | 35 +++++++++++++++++++++++++++++++++-- > 1 file changed, 33 insertions(+), 2 deletions(-) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
