cyborg/releasenotes/notes/implement_oslo_privsep-4fc6...

15 lines
602 B
YAML

---
security:
- |
Privsep transitions. Cyborg is transitioning from using the older
style rootwrap privilege escalation path to the new style Oslo privsep
path. This should improve performance and security of Cyborg
in the long term.
- |
Privsep daemons are now started by Cyborg when required. These
daemons can be started via rootwrap if required. rootwrap configs
therefore need to be updated to include new privsep daemon invocations.
- |
Use oslo.privsep instead of subprocess to execute sudo related shell
operations can prevent shell injection attacks.