Ironic user can change ipmi address so that OpenStack ironic lose control of bare mental. I think that is unacceptable. It seems that we should make ironic image without root privilege From: xiefp88 at sina.com [mailto:xiefp88 at sina.com] Sent: Thursday, January 11, 2018 9:12 AM To: Guo James; openstack Subject: 回复:[Openstack] [ironic] how to prevent ironic user to controle ipmi through OS? If you can not get the usename and password of the OS, you can not modify ipmi configuration through you got the ironic user info. ----- 原始邮件 ----- 发件人:Guo James <guoyongxhzhf at outlook.com<mailto:guoyongxhzhf at outlook.com>> 收件人:"openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>" <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>> 主题:[Openstack] [ironic] how to prevent ironic user to controle ipmi through OS? 日期:2018年01月10日 17点21分 I notice that after an ironic user get a bare mental successfully, he can access ipmi through ipmi device although he can't access ipmi through LAN How to prevent the situation? If he modify ipmi configuration, that will be mess. _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180111/96c994cf/attachment.html>