This blocks use of all the 'guest-exec-*' commands unless the QGA is run
with the --unrestricted command line argument.

These commands allow the host admin to execute arbitrary programs and so
directly compromise the guest OS.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 qga/qapi-schema.json | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 2f80d89536..a4f8653446 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1454,11 +1454,17 @@
 #
 # Returns: GuestExecStatus
 #
+# Features:
+#
+# @unrestricted: not permitted if agent disables unrestricted
+#                resource access mode
+#
 # Since: 2.5
 ##
 { 'command': 'guest-exec-status',
   'data':    { 'pid': 'int' },
-  'returns': 'GuestExecStatus' }
+  'returns': 'GuestExecStatus',
+  'features': [ 'unrestricted' ] }
 
 ##
 # @GuestExec:
@@ -1527,12 +1533,18 @@
 #
 # Returns: PID
 #
+# Features:
+#
+# @unrestricted: not permitted if agent disables unrestricted
+#                resource access mode
+#
 # Since: 2.5
 ##
 { 'command': 'guest-exec',
   'data':    { 'path': 'str', '*arg': ['str'], '*env': ['str'],
                '*input-data': 'str', '*capture-output': 'GuestExecCaptureOutput' },
-  'returns': 'GuestExec' }
+  'returns': 'GuestExec',
+  'features': [ 'unrestricted' ] }
 
 
 ##
-- 
2.45.1