Hi, We are running a public cloud and allow customers to upload their own images. A concern we have is that a customer could set hw_qemu_guest_agent=yes in the image metadata and then get a socket to the hypervisor created when running. For us, this is a bit of a security concern and I'm not aware of any way to globally disable this feature at the moment. Is there any work going on to add the ability to enable/disable the feature globally? Would it be of interest to the project(s) to add that? I am happy to look into it and am keen to start contributing if it's deemed low enough hanging fruit for a new guy! Regards, DANIEL RUSSELL Solution Architect 340 Findon Road, KIDMAN PARK, SA 5025 T: +61 8 8461 4841 F: +61 8 8461 4899 E: danielr at hostworks.com.au<mailto:danielr at hostworks.com.au> W: www.hostworks.com.au<http://www.hostworks.com.au/> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160718/242b409c/attachment.html>