I also happened to be looking at this today and was wondering about this as well. From the multi-places that talk about how to enable the qemu guest agent for quiescing drives during snapshots, they all have a warning that this should be enabled on trusted guests only. [1] [2] [3] So, I am wondering has anyone actually solved any of the security issues called out in the tail end of [3]? It seems interesting that we would would make it so where the only flag that’s needed to enabled/disable this is done on the image metadata – which any users that is given permission to upload images can set. Since this opens up a communication channel directly between the Untrusted (for most people running a cloud) vm and libvirt running on the HV.
[1] - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-QEMU_Guest_Agent.html#idp948771<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-QEMU_Guest_Agent.html#idp9487712>2 (see the warning directly the title) [2] - http://wiki.libvirt.org/page/Qemu_guest_agent (see the last sentence) [3] - http://wiki.qemu.org/Features/QAPI/GuestAgent (See the Security section) ___________________________________________________________________ Kris Lindgren Senior Linux Systems Engineer GoDaddy
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
