Train Series Release Notes¶
Privsep transitions. Cyborg is transitioning from using the older style rootwrap privilege escalation path to the new style Oslo privsep path. This should improve performance and security of Cyborg in the long term.
Privsep daemons are now started by Cyborg when required. These daemons can be started via rootwrap if required. rootwrap configs therefore need to be updated to include new privsep daemon invocations.
Use oslo.privsep instead of subprocess to execute sudo related shell operations can prevent shell injection attacks.