Feel free to read [1] for context, here the quote that made me poll for
  "it would be nice in the future to have some standardized path for user
provided guest-read-only stuff"

The TL;DR of their case is:
- extra info they want to pass, but is not part of libvirts guest
description (qemu-cmdline in their case)
- apparmor blocks their access to an unknown path

There are no reliable paths today to put data for a guest. Guests are names
with their ID in the paths - so even knowing the guest name - they are not
predictable (for example /var/lib/libvirt/qemu/domain-1-guestname/ might be
different next time).

Due to that I can see their use-case for "let all read from there", but
OTOH "let all" always feels wrong at first from a security POV.

Therefore i wanted to poll for opinions on this before suggesting any

[1]: https://github.com/coreos/bugs/issues/2083#issuecomment-380404427

Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
libvir-list mailing list

Reply via email to