Re: [libvirt] [PATCH 5/5] qemu/rbd: improve rbd device specification
On Fri, Sep 16, 2011 at 10:01, Sage Weil <sage(a)newdream.net> wrote:
> If I'm reading this right, that puts the ceph secret on the
kvm
> command line. That's not good, that makes it visible to anyone on the
> host.
Yeah, we definitely want something better, but I wanted to make sure the
overall approach is fine before doing something too annoying with
temporary unlinked files or environment variables or something.
That sounds good. Except for the environment variables part; while
some effort is put into guarding the environment, there have been
several ways of reading other processes' environment, historically. I
wouldn't rely on environment to stay secret, ever.