My quick take on IRC was that I'm pretty sure tgtd would not be accessible to VMs from their private network. If a cloud operator makes their management network publicly accessible, then this is an issue ... but clearly that's not a sane deployment choice.
However, I had assumed we had at least host/initiator-based access control here - the initialize_connection() method supplies the initiator details and we could configure access control from there. That would be a new feature, though, not suitable for backporting because of the regression risk.