Hi, We are running a public cloud and allow customers to upload their own images. A concern we have is that a customer could set hw_qemu_guest_agent=yes in the image metadata and then get a socket to the hypervisor created when running. For us, this is a bit of a security concern and I'm not aware of any way to globally disable this feature at the moment.
Is there any work going on to add the ability to enable/disable the feature globally? Would it be of interest to the project(s) to add that? I am happy to look into it and am keen to start contributing if it's deemed low enough hanging fruit for a new guy! Regards, DANIEL RUSSELL Solution Architect 340 Findon Road, KIDMAN PARK, SA 5025 T: +61 8 8461 4841 F: +61 8 8461 4899 E: dani...@hostworks.com.au<mailto:dani...@hostworks.com.au> W: www.hostworks.com.au<http://www.hostworks.com.au/>
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
