> - virtio-vsock - think of this as UNIX domain sockets between the host and > guest. This is to deal with the valid use case of people wanting to use > a network protocol, but not wanting an real NIC exposed to the guest/host > for security concerns. As such I think it'd be useful to run the metadata > service over virtio-vsock as an option. It'd likely address at lesat some > people's security concerns wrt metadata service. It would also fix the > ability to use the metadat service in IPv6-only environments, as we would > not be using IP at all :-)
Is this currently exposed by libvirt? I had a look at [1] and couldn't find any mention of 'vsock' or anything that resembles what you've described. [1] https://libvirt.org/formatdomain.html __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev