a059e70486
This is the first example of something where we can't just move to python calls on the far side of the trust boundary. So we just move the executes() to the trusted sie and make sure their attack surface is as small as possible. Change-Id: Ib8d3b48f5a1482a7a040e58bec6b3a599c8c6fd0 blueprint: hurrah-for-privsep
8 lines
276 B
YAML
8 lines
276 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
A sys-admin privsep daemon has been added and needs to be included in your
|
|
rootwrap configuration.
|
|
- |
|
|
The following commands are no longer required to be listed in your rootwrap
|
|
configuration: cat; chown; cryptsetup; readlink; tee; touch. |