[openstack-dev] [nova][ironic] making file injection optional / removing it
Thierry Carrez
thierry at openstack.org
Wed May 8 08:19:50 UTC 2013
Robert Collins wrote:
> For baremetal, file injection is a scalability, security and
> performance headache.
Getting rid of serverside file injection would get us rid of a HUGE
attack surface and dozens of pretty significant rootwrap calls.
Personally I'd like to see it gone permanently everywhere, but I know
some people are attached to it.
Would be great to have a long-term plan about that and fold the
baremetal non-support for it in that plan.
--
Thierry Carrez (ttx)
With the Vulnerability Management team hat
More information about the OpenStack-dev
mailing list