Re: virt-install and cloud-init, feedback wanted


 



On Thu, Nov 21, 2019 at 11:52 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>
> * Daniel P. Berrangé:
>
> >> This goes probably in a different direction of what has been implemented
> >> so far, but would it actually harm to enable the network-based
> >> instance-data injection by default?  The advantage would be that it also
> >> blocks these requests from leaking to untrusted parties, which could
> >> then serve bogus data to compromise the virtual machine.
> >
> > I don't understand what you mean by leaking data to untrusted parties
> > here in context of config drive? I've considered the config drive to
> > be more secure / less risky than network service.
>
> I'm assuming that cloud-init will try all sources in parallel, given
> that there's a delay for both the network coming about and hardware
> being detected.

Hi,
there are many controls to that. By default it is most configurable,
but you can set it to your needs of e.g. only local data sources.

As outlined by Daniel already this is pretty safe, but if still
concerned about it, you can control it [1]:
- image builders can disable things by a drop-in file that controls
which sources are queried
- local users can control it via kernel-commandline (which most tools
provide an option to append things to)

You can also use this to speed up boots by skipping the otherwise
required network probing timeouts.

[1]: https://github.com/canonical/cloud-init/blob/master/tools/ds-identify

> Thanks,
> Florian
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
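
The two controls named in the message above (a drop-in file and the kernel command line) can be audited on an image or guest. This is an added example, not part of the original message and not cloud-init's own code; the `LOCAL_OK` allow-list, the function names, the "last drop-in wins" model and the sample drop-in are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit which cloud-init datasources a guest is allowed to query.
# LOCAL_OK is this example's own allow-list of sources that need no network
# metadata service (an assumption; adjust to your policy). Names compare exactly.
LOCAL_OK="NoCloud ConfigDrive None"

# Datasource forced on a kernel command line through ci.ds= or ci.datasource=
# (the tokens ds-identify reads); prints nothing when neither is present.
cmdline_ds() {
    for tok in $1; do
        case "$tok" in
            ci.ds=*|ci.datasource=*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
}

# Entries of a flow-style "datasource_list: [ A, B ]" line in the *.cfg drop-ins
# of directory $1, one per line. The lexically last file that sets it wins.
# Block-style YAML lists are not parsed by this sketch.
dropin_ds_list() {
    last=""
    for f in "$1"/*.cfg; do
        [ -f "$f" ] || continue
        line=$(sed -n 's/^datasource_list:[[:space:]]*\[\(.*\)\].*$/\1/p' "$f" | tail -n 1)
        if [ -n "$line" ]; then last=$line; fi
    done
    printf '%s\n' "$last" | tr ',' '\n' | sed -e "s/[[:space:]'\"]//g" -e '/^$/d'
}

# Report for kernel cmdline $1 and drop-in directory $2: "unrestricted" when
# nothing limits the sources, otherwise each allowed source outside LOCAL_OK.
non_local_sources() {
    list=$(cmdline_ds "$1")
    if [ -z "$list" ]; then list=$(dropin_ds_list "$2"); fi
    if [ -z "$list" ]; then echo unrestricted; return 0; fi
    for ds in $list; do
        case " $LOCAL_OK " in
            *" $ds "*) ;;
            *) printf '%s\n' "$ds" ;;
        esac
    done
}

# Constructed sample: an image builder's drop-in that still permits Ec2.
demo=$(mktemp -d)
printf 'datasource_list: [ NoCloud, ConfigDrive, Ec2, None ]\n' > "$demo/99-datasources.cfg"
non_local_sources "BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro" "$demo"
non_local_sources "BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro ci.ds=NoCloud" "$demo"
rm -rf "$demo"
```

On a real system the call would be `non_local_sources "$(cat /proc/cmdline)" /etc/cloud/cloud.cfg.d`; empty output means only sources in the allow-list can be queried.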

