Comment 5 for bug 1311804

So since people are seeing different behaviors, is there some underlying security setting controlling this? It would be good to know why that difference exists.

I say this because we spent some time in Icehouse, and will be doing more in Juno, to reduce calls using rootwrap to increase performance in Neutron. There is even a design summit session to discuss this:

https://etherpad.openstack.org/p/neutron-agent-exec-performance
http://junodesignsummit.sched.org/event/21b51dfcc1d4098383904f923dfb9a74 (Friday 2:10 timeslot)

And perhaps if there is no other solution, maybe it's possible to detect when we're on such a distro (or have a config flag), and use rootwrap only then, as there migt be other places we also need to do this. I just don't want to take a step backwards and impact all the other distros because of this one if possible.