To restrict IPMI commands

Brad Bishop bradleyb at fuzziesquirrel.com
Thu Mar 28 01:39:26 AEDT 2019


On Sat, Mar 16, 2019 at 01:04:53PM +0000, P. K. Lee (李柏寬) wrote:
>Hi Vernon,
>
>Thank you for providing a new filtering mechanism that looks very
>flexible, but I have a question.  I have tried the filter that allows
>filtering of commands by whitelistFilter, but the channel of request
>must be channelSystemIfac to check the contents of the whitelist.  What
>puzzles me is why channelSystemIfac is in the constraint? This
>constraint will cause the whitelist to fail when the user calls the
>IPMI command via the LAN.  If the user wants to use the whitelist via
>the LAN,

Hi P.K.

If I understand correctly, you want to have a system that operates in
one of two modes - restricted or un-restricted.  When the system is in
restricted mode, only whitelisted commands will be processed from _any_
channel.  Do I understand correctly?

How do you restore the system to unrestricted mode?  Some side-band (non
IPMI) mechanism?

If you are able to share, I'm curious to know more about the usage
pattern driving the need for this.

