Hi, We are running a public cloud and allow customers to upload their own images. A concern we have is that a customer could set hw_qemu_guest_agent=yes in the image metadata and then get a socket to the hypervisor created when running. For us, this is a bit of a security concern and I'm not aware of any way to globally disable this feature at the moment.
Is there any work going on to add the ability to enable/disable the feature globally? Would it be of interest to the project(s) to add that? I am happy to look into it and am keen to start contributing if it's deemed low enough hanging fruit for a new guy! Regards, DANIEL RUSSELL Solution Architect 340 Findon Road, KIDMAN PARK, SA 5025 T: +61 8 8461 4841 F: +61 8 8461 4899 E: [email protected]<mailto:[email protected]> W: www.hostworks.com.au<http://www.hostworks.com.au/>
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
