Open Stack

On Mon, Nov 05 2012, Doug Hellmann wrote:

> If we make the current compute agent take an option telling it which
> pollster namespace to use, then the same framework can load different
> pollsters. However, there is a fundamental security issue with
> communicating from an agent running inside a tenant's OS image using the
> RPC stack. At DreamHost, and I suspect at other providers, that RPC network
> is completely isolated from any tenant networks. We would not want a tenant
> to be able to listen to the message bus, and definitely would not want it
> to be able to write anything to the message bus.

What makes you think an agent would run inside an instance? I mean, this
is not what this is about, we're talking about hardware running OS.

-- 
Julien Danjou
# Free Software hacker & freelance
# http://julien.danjou.info
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121105/0830adc4/attachment.sig>