On 01/22/2014 03:27 AM, Robert Collins wrote: > On 22 January 2014 10:50, Kashyap Chamarthy <kcham...@redhat.com> wrote: >> [CC'ed libguestfs author, Rich Jones] >> >> Heya, >> >> >> On 01/21/2014 07:59 AM, Robert Collins wrote: >>> I was reminded of this while I cleaned up failed file injection nbd >>> devices on ci-overcloud.tripleo.org :/ - what needs to happen for us >>> to change the defaults around file injection so that it's disabled? >> >> I presume you're talking about libguestfs based file injection. I >> remember recently debugging/testing by disabling it to isolate a >> different problem: >> >> inject_partition=-2 > > No, the default is nbd based injection, which is terrible on two counts: > - its got horrible security ramifications > - its a horrible thing to be doing > > libguestfs based injection is only terrible on one count: > - its a horrible thing to be doing > >> That said, I'm trying to understand the rationale of your proposal in >> this case. Can you point me to a URL or some such? I'm just curious as a >> heavy user of libguestfs. > > There's nothing wrong with libguestfs, this is about the feature which > has been discussed, here, a lot :) - for delivering metadata to > images, config-drive || metadata service are much better. Hypervisors > shouldn't be in the business of tinkering inside VM file systems at > all. >
Thanks for the details, Robert and Rich. -- /kashyap _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev