[openstack-dev] Unified Guest Agent proposal

Lars Kellogg-Stedman lars at redhat.com
Mon Dec 16 16:18:55 UTC 2013


On Fri, Dec 13, 2013 at 11:32:01AM -0800, Fox, Kevin M wrote:
> I hadn't thought about that use case, but that does sound like it
> would be a problem.

That, at least, is not much of a problem, because you can block access
to the metadata via a blackhole route or similar after you complete
your initial configuration:

  ip route add blackhole 169.254.169.254 

This prevents access to the metadata unless someone already has root
access on the instance.

-- 
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ irc
Cloud Engineering / OpenStack          | "   "  @ twitter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131216/287a33cc/attachment.pgp>


More information about the OpenStack-dev mailing list