* Daniel P. Berrangé:

>> This goes probably in a different direction of what has been implement
>> so far, but would it actually harm to enable the network-based
>> instance-data injection by default?  The advantage would be that it also
>> blocks these requests from leaking to untrusted parties, which could
>> then serve bogus data to compromise the virtual machine.
>
> I don't understand what you mean by leaking data to untrusted parties
> here in contetx of config drive ? I've considerd the config drive to
> be more secure / less risky than network service.

I'm assuming that cloud-init will try all sources in parallel, given
that there's a delay for both the network coming about and hardware
being detected.

Thanks,
Florian

_______________________________________________
virt-tools-list mailing list
virt-tools-list@redhat.com
https://www.redhat.com/mailman/listinfo/virt-tools-list

Reply via email to