So is this something that requires access to the hypervisor? i.e. you need to be root on the underlying compute node? If so, tcpdump can already be used by root to capture tenant traffic. It doesn't look like it's something that can be done from inside a tenant VM, so I don't see why it is a security issue?
So is this something that requires access to the hypervisor? i.e. you need to be root on the underlying compute node? If so, tcpdump can already be used by root to capture tenant traffic. It doesn't look like it's something that can be done from inside a tenant VM, so I don't see why it is a security issue?