Re: [PATCH 0/6] Introduce OpenSSH authorized key file mgmt APIs
On 11/12/20 1:16 PM, Vasiliy Tolstov wrote:
Useful things. As i understand it qemu-ga eventually can replace
cloud-init stuff. As for now it already have high level api and low
level api (like read/write files)
Yeah, the low level file manipulation APIs are terrible because they
have to rely on SELinux to prevent qemu-ga from doing something bad.
Which in this case would end up in either disabling SELinux (bad) or
having to write custom policies so that qemu-ga can modify
authorized_keys files.
And also, from mgmt application's POV they are not atomic.
Michal