[Openstack-operators] Managing security incidents: how to find the guilty VM ?

Antonio Messina antonio.s.messina at gmail.com
Sat Aug 1 09:01:46 UTC 2015


On Sat, Aug 1, 2015 at 5:27 AM, gustavo panizzo <gfa> <gfa at zumbi.com.ar> wrote:
> On Fri, Jul 31, 2015 at 05:48:19 +0200, Antonio Messina wrote:
>> a) in case neutron supports "triggers" (but I don't think so), e.g.
>> shell commands that are executed whenever a namespace is created,
>> startup of ulogd could be executed by the trigger
>
> For a long time I have wished neutron had triggers/hooks before and after setting up
> the network namespaces; I would happily help to define an RFE/spec for it.
>
> My use case is similar: I want to modify the firewall inside the
> namespace.

If you check my most recent email on this thread, I've shown how to
solve my issue using a wrapper around the 'ip' command and properly
configured rootwrap filters. Maybe it also works for your use case.

.a.

-- 
antonio.s.messina at gmail.com
antonio.messina at uzh.ch                     +41 (0)44 635 42 22
S3IT: Service and Support for Science IT   http://www.s3it.uzh.ch/
University of Zurich
Winterthurerstrasse 190
CH-8057 Zurich Switzerland


