openstack team mailing list archive

Thread
Date

Re: Libvirt File Injection

To: Kiall Mac Innes <kiall@xxxxxxxxxxxx>, Soren Hansen <soren@xxxxxxxxxxx>
From: Jarret Raim <jarret.raim@xxxxxxxxxxxxx>
Date: Tue, 31 Jan 2012 14:35:51 +0000
Accept-language: en-US
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAGSj+QsMkVRKTkOESGy3K-AFyU+mdvcWBrBDZzpbTrdTZeLm+w@mail.gmail.com>
Thread-index: AQHM334iuzsPKMTkq0moy2YpW2UpG5YlpSWAgAE7woCAAAXbgP//pYIA
Thread-topic: [Openstack] Libvirt File Injection
User-agent: Microsoft-MacOutlook/14.14.0.111121

I'd also add that from a security standpoint, it seems like a better option for it to just fail. If I'm using injected files for a hardening purpose (sshd config, ssh keys, pam configuration, etc) and the box comes up without those modifications, my instance is not as secure as I intended. Not sure anyone is doing that yet, just a possible use case.


Thanks,
Jarret Raim

References

Re: Libvirt File Injection
From: Kiall Mac Innes, 2012-01-31