Neutron ipv6_utils.is_enabled() uses /proc/sys/net/ipv6/conf/default/disable_ipv6
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
Undecided
|
Dustin Lundquist |
Bug Description
Neutron uses /proc/sys/
By default Linux assigns link-local address to all new interfaces if this sysctl is not enabled, this exposes the host machine to tenant networks. To harden a deployment an administrator may set this sysctl and explicitly disable /proc/sys/
In this case Neutron will detect /proc/sys/
Can we expose ipv6_utils.
Changed in neutron: | |
assignee: | nobody → Dustin Lundquist (dlundquist) |
status: | New → In Progress |
Patch submitted: https:/ /review. openstack. org/#/c/ 196199/