Fair enough. I will send a separate tiny patch to add 'fd:<n>' support to specify to qemu to -readconfig from a preexisting filedescriptor.
Other protocols like 'exec:' can easily be added later as needed. regards ronnie sahlberg On Thu, Jan 26, 2012 at 2:57 AM, Eric Blake <ebl...@redhat.com> wrote: > On 01/24/2012 11:47 PM, ronnie sahlberg wrote: >> Read from an arbitrary filedescriptor inherited from the parent process : >> 9<iscsi.conf ./x86_64-softmmu/qemu-system-x86_64 -enable-kvm -display >> vnc=127.0.0.1:0 -drive file=iscsi://127.0.0.1/iqn.ronnie.test/1 >> -readconfig /proc/self/fd/9 > > That requires the existence of procfs, which is not portable (although > it does work on Linux). I'd rather see: > > -readconfig fd:9 > > which matches things for -incoming; that is, if -readconfig starts with > '/' or '.', it is a filename; otherwise, it is a protocol:value > designation, where we recognize at least the fd: protocol where a value > is the incoming fd, but we could also recognize things like exec: > protocol which is an arbitrary command to use via popen. > >> I imagine you would pipe() then fork() and pass the read side of your >> pipe to qemu here ? > > Yes, the idea is that libvirt would rather pipe() and then pass the read > size fd to qemu, so that libvirt's handling of the decrypted secret > information is only ever passed over the pipe and not stored on disk. > >> If this works well or at least in some acceptable form it might be >> useful for other users needing to pass sensitive config data into QEMU >> too? > > Yes, the fd: notation of -incoming should be reusable in multiple > contexsts, including any other location where sensitive information must > be passed in. > > -- > Eric Blake ebl...@redhat.com +1-919-301-3266 > Libvirt virtualization library http://libvirt.org >