External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
6f25a5ac8a
libvirt/src/secret
History
Daniel P. Berrangé 8f390ae310 secret: rework handling of private secrets 
A secret can be marked with the "private" attribute. The intent was that
it is not possible for any libvirt client to be able to read the secret
value, it would only be accesible from within libvirtd. eg the QEMU
driver can read the value to launch a guest.

With the modular daemons, the QEMU, storage and secret drivers are all
running in separate daemons. The QEMU and storage drivers thus appear to
be normal libvirt client's from the POV of the secret driver, and thus
they are not able to read a private secret. This is unhelpful.

With the previous patches that introduced a "system token" to the
identity object, we can now distinguish APIs invoked by libvirt daemons
from those invoked by client applications.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-05-13 11:07:47 +01:00
..
meson.build build: Remove unused 'conflicts' key from virt_daemon_unit 2021-02-10 09:30:41 -07:00
secret_driver.c secret: rework handling of private secrets 2021-05-13 11:07:47 +01:00
secret_driver.h
virtsecretd.init.in
virtsecretd.service.in
virtsecretd.sysconf