| commit | 99522f69d62216f5d9581f66f2c0edca6bd48f78 | |
| author | Daniel P. Berrangé <berrange@redhat.com> | |
| Thu, 11 Mar 2021 11:43:42 +0000 (11 11:43 +0000) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Mon, 15 Mar 2021 16:36:20 +0000 (15 17:36 +0100) | ||
| tree | 5f0ad49410504389ac7f87f3d1f2e8019f729c94 | treesnapshot (tar.gz zip) |
| parent | 6c6840e9281cf2fd3b29d77f45b18949d4a83944 | commitdiff |
ui: introduce "password-secret" option for SPICE server
Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| qemu-options.hx | diffblobblamehistory | |
| ui/spice-core.c | diffblobblamehistory |