On Fri, Dec 13, 2013 at 11:32:01AM -0800, Fox, Kevin M wrote:
> I hadn't thought about that use case, but that does sound like it
> would be a problem.

That, at least, is not much of a problem, because you can block access
to the metadata via a blackhole route or similar after you complete
your initial configuration:

  ip route add blackhole 

This prevents access to the metadata unless someone already has root
access on the instance.

Lars Kellogg-Stedman <l...@redhat.com> | larsks @ irc
Cloud Engineering / OpenStack          | "   "  @ twitter

Attachment: pgp4mFXCAneZr.pgp
Description: PGP signature

OpenStack-dev mailing list

Reply via email to