[PATCH 0/6] Introduce OpenSSH authorized key file mgmt APIs
Michal Privoznik
mprivozn at redhat.com
Thu Nov 12 12:36:43 UTC 2020
On 11/12/20 1:16 PM, Vasiliy Tolstov wrote:
> Useful things. As i understand it qemu-ga eventually can replace
> cloud-init stuff. As for now it already have high level api and low
> level api (like read/write files)
Yeah, the low level file manipulation APIs are terrible because they
have to rely on SELinux to prevent qemu-ga from doing something bad.
Which in this case would end up in either disabling SELinux (bad) or
having to write custom policies so that qemu-ga can modify
authorized_keys files.
And also, from mgmt application's POV they are not atomic.
Michal
More information about the libvir-list
mailing list