[virt-tools-list] virt-install and cloud-init, feedback wanted
Florian Weimer
fweimer at redhat.com
Thu Nov 21 10:52:26 UTC 2019
* Daniel P. Berrangé:
>> This goes probably in a different direction of what has been implement
>> so far, but would it actually harm to enable the network-based
>> instance-data injection by default? The advantage would be that it also
>> blocks these requests from leaking to untrusted parties, which could
>> then serve bogus data to compromise the virtual machine.
>
> I don't understand what you mean by leaking data to untrusted parties
> here in contetx of config drive ? I've considerd the config drive to
> be more secure / less risky than network service.
I'm assuming that cloud-init will try all sources in parallel, given
that there's a delay for both the network coming about and hardware
being detected.
Thanks,
Florian
More information about the virt-tools-list
mailing list