openstack team mailing list archive

[Julien Danjou <julien@xxxxxxxxxxx>]

On Mon, Nov 05 2012, Doug Hellmann wrote:

> If we make the current compute agent take an option telling it which
> pollster namespace to use, then the same framework can load different
> pollsters. However, there is a fundamental security issue with
> communicating from an agent running inside a tenant's OS image using the
> RPC stack. At DreamHost, and I suspect at other providers, that RPC network
> is completely isolated from any tenant networks. We would not want a tenant
> to be able to listen to the message bus, and definitely would not want it
> to be able to write anything to the message bus.

What makes you think an agent would run inside an instance? I mean, this
is not what this is about, we're talking about hardware running OS.

-- 
Julien Danjou
# Free Software hacker & freelance
# http://julien.danjou.info

Attachment: pgpxnOJqN25Wp.pgp
Description: PGP signature