[openstack-dev] Unified Guest Agent proposal
Lars Kellogg-Stedman
lars at redhat.com
Mon Dec 16 16:18:55 UTC 2013
On Fri, Dec 13, 2013 at 11:32:01AM -0800, Fox, Kevin M wrote:
> I hadn't thought about that use case, but that does sound like it
> would be a problem.
That, at least, is not much of a problem, because you can block access
to the metadata via a blackhole route or similar after you complete
your initial configuration:
ip route add blackhole 169.254.169.254
This prevents access to the metadata unless someone already has root
access on the instance.
--
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ irc
Cloud Engineering / OpenStack | " " @ twitter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131216/287a33cc/attachment.pgp>
More information about the OpenStack-dev
mailing list