Feel free to read [1] for context, here the quote that made me poll for opinions: "it would be nice in the future to have some standardized path for user provided guest-read-only stuff" The TL;DR of their case is: - extra info they want to pass, but is not part of libvirts guest description (qemu-cmdline in their case) - apparmor blocks their access to an unknown path There are no reliable paths today to put data for a guest. Guests are names with their ID in the paths - so even knowing the guest name - they are not predictable (for example /var/lib/libvirt/qemu/domain-1-guestname/ might be different next time). Due to that I can see their use-case for "let all read from there", but OTOH "let all" always feels wrong at first from a security POV. Therefore i wanted to poll for opinions on this before suggesting any change. [1]: https://github.com/coreos/bugs/issues/2083#issuecomment-380404427 -- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd