[openstack-dev] [glance][nova] Globally disabling hw_qemu_guest_agent support

Daniel Russell DanielR at hostworks.com.au
Mon Jul 18 23:43:09 UTC 2016


Hi,

We are running a public cloud and allow customers to upload their own images.  A concern we have is that a customer could set hw_qemu_guest_agent=yes in the image metadata and then get a socket to the hypervisor created when running.  For us, this is a bit of a security concern and I'm not aware of any way to globally disable this feature at the moment.

Is there any work going on to add the ability to enable/disable the feature globally?  Would it be of interest to the project(s) to add that?

I am happy to look into it and am keen to start contributing if it's deemed low enough hanging fruit for a new guy!

Regards,
DANIEL RUSSELL
Solution Architect
340 Findon Road, KIDMAN PARK, SA 5025
T: +61 8 8461 4841 F: +61 8 8461 4899
E: danielr at hostworks.com.au<mailto:danielr at hostworks.com.au>
W: www.hostworks.com.au<http://www.hostworks.com.au/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160718/242b409c/attachment.html>


More information about the OpenStack-dev mailing list