Package: qemu-guest-agent Version: 1:7.2+dfsg-7+deb12u6 Severity: normal Hello,
The service file qemu-guest-agent is not allowing to customize the options. Worst it seems that it's not blacklisting some of the RPC calls by default If I look at what fedora is doing it allows that and even does it by default: https://src.fedoraproject.org/rpms/qemu/blob/rawhide/f/qemu-guest-agent.service https://src.fedoraproject.org/rpms/qemu/blob/rawhide/f/qemu-ga.sysconfig That should be added I'm also wondering whether this is not a security issue too Kind regards, Laurent Bigonville -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.9.8-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages qemu-guest-agent depends on: ii init-system-helpers 1.66 ii libc6 2.38-14 ii libglib2.0-0t64 2.80.4-1 ii libnuma1 2.0.18-1 ii libudev1 256.2-1 ii liburing2 2.6-1 qemu-guest-agent recommends no packages. qemu-guest-agent suggests no packages.
