Hi Daniel, You might want to have look on the Glance Property Protections [0]. I'd assume that would do it for you?
[0] http://docs.openstack.org/developer/glance/property-protections.html Best, Erno On Tue, Jul 19, 2016 at 12:43 AM, Daniel Russell <dani...@hostworks.com.au> wrote: > Hi, > > > > We are running a public cloud and allow customers to upload their own > images. A concern we have is that a customer could set > hw_qemu_guest_agent=yes in the image metadata and then get a socket to the > hypervisor created when running. For us, this is a bit of a security > concern and I’m not aware of any way to globally disable this feature at the > moment. > > > > Is there any work going on to add the ability to enable/disable the feature > globally? Would it be of interest to the project(s) to add that? > > > > I am happy to look into it and am keen to start contributing if it’s deemed > low enough hanging fruit for a new guy! > > > > Regards, > > DANIEL RUSSELL > Solution Architect > 340 Findon Road, KIDMAN PARK, SA 5025 > T: +61 8 8461 4841 F: +61 8 8461 4899 > E: dani...@hostworks.com.au > W: www.hostworks.com.au > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev