On Fri, Dec 13, 2013 at 11:32:01AM -0800, Fox, Kevin M wrote:
> I hadn't thought about that use case, but that does sound like it
> would be a problem.

That, at least, is not much of a problem, because you can block access
to the metadata via a blackhole route or similar after you complete
your initial configuration:

  ip route add blackhole 169.254.169.254 

This prevents access to the metadata unless someone already has root
access on the instance.

-- 
Lars Kellogg-Stedman <l...@redhat.com> | larsks @ irc
Cloud Engineering / OpenStack          | "   "  @ twitter

Attachment: pgp4mFXCAneZr.pgp
Description: PGP signature

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to