Comment 6 for bug 1227027

If we have hard-coded an expectation that libvirt and nova will run as separate users but both need to write to the same directory, the obvious solution is to use a group-writeable directory with a specific group to which only those two users belong (and optionally setgid if they'll be making subdirectories within it which they also need to share), though this may not be portable to non-POSIX filesystems (does libvirt run on those sorts of platforms?).

I think the approach attempted in https://review.openstack.org/46645 is on the right track, but instead of defaulting to an insecure behavior we should instead enlist the help of downstream packagers to see that an appropriate group gets created for this purpose and provide similar mitigation recommendations in an OSSA corresponding to introduction of the fixes in all affected branches.