git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Daniel P. Berrangé <berrange@redhat.com>
	Wed, 16 Sep 2020 14:47:13 +0000 (15:47 +0100)
committer	Daniel P. Berrangé <berrange@redhat.com>
	Thu, 13 May 2021 10:07:47 +0000 (11:07 +0100)
commit	8f390ae310021a2e392d089ab7d4ac0a250551c7
tree	895d9893025be7cefbd28535003fc326e38a93b4	tree
parent	9bcbdbd5797450bf92643929ee6a765e2ccc8657	commit \| diff

secret: rework handling of private secrets

A secret can be marked with the "private" attribute. The intent was that
it is not possible for any libvirt client to be able to read the secret
value, it would only be accesible from within libvirtd. eg the QEMU
driver can read the value to launch a guest.

With the modular daemons, the QEMU, storage and secret drivers are all
running in separate daemons. The QEMU and storage drivers thus appear to
be normal libvirt client's from the POV of the secret driver, and thus
they are not able to read a private secret. This is unhelpful.

With the previous patches that introduced a "system token" to the
identity object, we can now distinguish APIs invoked by libvirt daemons
from those invoked by client applications.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

src/driver-secret.h		diff \| blob \| blame \| history
src/libvirt-secret.c		diff \| blob \| blame \| history
src/remote/remote_driver.c		diff \| blob \| blame \| history
src/secret/secret_driver.c		diff \| blob \| blame \| history
src/util/virsecret.c		diff \| blob \| blame \| history
tests/qemuxml2argvtest.c		diff \| blob \| blame \| history