Open Stack

Hi Daniel,

You might want to have look on the Glance Property Protections [0].
I'd assume that would do it for you?

[0] http://docs.openstack.org/developer/glance/property-protections.html

Best,
Erno

On Tue, Jul 19, 2016 at 12:43 AM, Daniel Russell
<DanielR at hostworks.com.au> wrote:
> Hi,
>
>
>
> We are running a public cloud and allow customers to upload their own
> images.  A concern we have is that a customer could set
> hw_qemu_guest_agent=yes in the image metadata and then get a socket to the
> hypervisor created when running.  For us, this is a bit of a security
> concern and I’m not aware of any way to globally disable this feature at the
> moment.
>
>
>
> Is there any work going on to add the ability to enable/disable the feature
> globally?  Would it be of interest to the project(s) to add that?
>
>
>
> I am happy to look into it and am keen to start contributing if it’s deemed
> low enough hanging fruit for a new guy!
>
>
>
> Regards,
>
> DANIEL RUSSELL
> Solution Architect
> 340 Findon Road, KIDMAN PARK, SA 5025
> T: +61 8 8461 4841 F: +61 8 8461 4899
> E: danielr at hostworks.com.au
> W: www.hostworks.com.au
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>