libvirt before 2.2 includes Ceph credentials on the qemu command line when
using RADOS Block Device (aka RBD), which allows local users to obtain
sensitive information via a process listing.
Author | Note |
---|---|
tyhicks | libvirt and qemu need changes to securely pass passwords between themselves. |
mdeslaur | libvirt fix required qemu 2.6 we will not be fixing this minor issue in xenial and earlier. |