Feature request: Possibility to block virtio-serial on KVM/QEMU.

Hello,

I want to request some option to add blocking of virtio-serial on KVM/QEMU.

From Mikrotik support reply:

The QEMU Guest Agent does not require VM credentials because it does not log into the OS like a normal user.
Instead, it runs inside the VM with system/root privileges and communicates with the hypervisor via a private internal channel called "virtio-serial." QEMU creates and controls this channel, which is not exposed to the network and does not use username/password authentication.

The security model assumes that the hypervisor and its administrator are fully trusted. Anyone who can access the QEMU/QMP interface has full control of the VM, so no additional OS-level credentials are required. The guest agent only executes a limited set of safe, system-level operations and cannot run arbitrary commands unless explicitly configured to do so.

I think this is a very important option when CHR is hosted not on a private KVM/QEMU host, but on some commercial host. Commercial hosting assumes that the hypervisor and its administrator cannot be fully trusted by default.

Without this requested option, the hypervisor and its administrator can run, for example:

echo '/export show-sensitive' | qm guest exec --pass-stdin 1

This command returns the full configuration dump, including credentials and VPN secrets, via the agent channel.

Also save another copy of the VM, reset the user database, access as root and do export-sensitive regardless of password or other user settings...

So, do not use services if you do not trust the services; build your own machine without using cloud services...

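For anyone auditing a KVM/QEMU host for the channel the quoted support reply describes, here is an added example (not from the posts above, nor from MikroTik or QEMU) that parses a QEMU command line and lists every virtio-serial port named `org.qemu.guest_agent.0` together with its host-side chardev. The sample command line, the socket path and the function names are constructed for illustration.

```python
import json
import shlex

AGENT_PORT = "org.qemu.guest_agent.0"  # port name the QEMU guest agent uses

def parse_opts(value):
    """Parse a QEMU option value: legacy 'head,k=v' (',,' escapes a comma) or JSON."""
    if value.startswith("{"):
        opts = {k: str(v) for k, v in json.loads(value).items()}
        return opts.get("driver", ""), opts
    head, opts = "", {}
    for i, part in enumerate(value.replace(",,", "\0").split(",")):
        key, sep, val = part.partition("=")
        if i == 0 and not sep:
            head = key.replace("\0", ",")
        else:
            opts[key] = val.replace("\0", ",")
    return head or opts.get("driver", opts.get("backend", "")), opts

def find_agent_channels(cmdline):
    """Return one dict per virtio-serial port wired to the guest agent."""
    argv = shlex.split(cmdline)
    devices, chardevs = [], {}
    for flag, value in zip(argv, argv[1:]):
        if flag == "-device":
            devices.append(parse_opts(value))
        elif flag == "-chardev":
            backend, opts = parse_opts(value)
            chardevs[opts.get("id")] = (backend, opts)
    findings = []
    for driver, opts in devices:
        if driver == "virtserialport" and opts.get("name") == AGENT_PORT:
            backend, copts = chardevs.get(opts.get("chardev"), ("unknown", {}))
            findings.append({"chardev": opts.get("chardev"),
                             "backend": backend, "path": copts.get("path")})
    return findings

# Constructed sample: one guest-agent port plus an unrelated virtio console.
SAMPLE = (
    "qemu-system-x86_64 -m 1024 "
    "-chardev socket,id=qga0,path=/run/qga-sample.sock,server=on,wait=off "
    "-device virtio-serial-pci,id=vs0 "
    "-device virtserialport,bus=vs0.0,chardev=qga0,name=org.qemu.guest_agent.0 "
    "-chardev pty,id=con0 -device virtconsole,chardev=con0"
)

if __name__ == "__main__":
    for hit in find_agent_channels(SAMPLE):
        print("guest agent channel:", hit)
```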