[libvirt] [dbus PATCH 4/8] Implement Encrypted property for Connect Interface
Pavel Hrdina
phrdina at redhat.com
Mon Apr 9 13:20:13 UTC 2018
On Mon, Apr 09, 2018 at 01:49:07PM +0100, Daniel P. Berrangé wrote:
> On Mon, Apr 09, 2018 at 02:40:27PM +0200, Pavel Hrdina wrote:
> > On Mon, Apr 09, 2018 at 01:47:35PM +0200, Katerina Koukiou wrote:
> > > Signed-off-by: Katerina Koukiou <kkoukiou at redhat.com>
> > > ---
> > > data/org.libvirt.Connect.xml | 4 ++++
> > > src/connect.c | 20 ++++++++++++++++++++
> > > test/test_connect.py | 1 +
> > > 3 files changed, 25 insertions(+)
> >
> > This and the Secure properties are not that simple to just export
> > them. The reason is that the communication over D-Bus can be monitored
> > even if the connection from libvirt-dbus to libvirt is secure. I would
> > skip these two properties for now until we figure it out.
>
> I don't think that's a big problem - I think it is just a documentation
> task to say that monitoring of traffic on the dbus message bus is out
> of scope for these properties. IOW they just reflect the security
> properties of the libvirt-dbus <-> hypervisor paths, not the
> dbus client <-> hypervisor paths
The only concern that I have is that it might be misleading to see the
connection as secure but in fact the whole communication is not secure
or encrypted.
Currently every connection is secure and not encrypted since we use
only local connections. In the future if we allow to configure remote
connection it will have some value.
I guess that user will have to trust to the system where the D-Bus
communication is held on.
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180409/3931eede/attachment-0001.sig>
More information about the libvir-list
mailing list