Comment 5 for bug 1700501

Sean Dague (sdague) wrote :

This is too vague to be actionable. There is one example, and it's not clear where in the system the concern is. And the kinds of changes to make this be as restricted as one would like really don't lead well to a bug, but would require a more systematic push to really embrace something like privsep.

In general, the use of root wrap on nova-compute is honestly pointless in my pov. Besides chmod, cat, dd and a few others are running more or less unrestricted. It just doesn't make for a useful security model.
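An added illustration of the point about unrestricted commands, not part of the comment above and not nova's own code: in oslo.rootwrap filter syntax, a `CommandFilter` entry matches only the executable name and accepts any arguments, so this audit lists every such entry that runs as root. The sample filter text is constructed for the example (it is not nova's shipped filter file), and the `FILE_PRIMITIVES` set and the two finding labels are assumptions made here.

```python
import configparser

# Constructed sample in oslo.rootwrap filter-file syntax (not nova's shipped file).
SAMPLE_FILTERS = """
[Filters]
chmod: CommandFilter, chmod, root
cat: CommandFilter, cat, root
dd: CommandFilter, dd, root
kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
tee_ipforward: RegExpFilter, tee, root, tee, /proc/sys/net/ipv4/ip_forward
"""

# Assumption for this example: commands that amount to arbitrary file
# read, write or permission change when run as root with any arguments.
FILE_PRIMITIVES = {"chmod", "chown", "cat", "dd", "tee", "cp", "mv"}


def audit_filters(text):
    """Return (filter_name, command, label) for each root CommandFilter entry."""
    parser = configparser.RawConfigParser()
    parser.optionxform = str  # keep filter names case-sensitive
    parser.read_string(text)
    findings = []
    if not parser.has_section("Filters"):
        return findings
    for name, value in parser.items("Filters"):
        fields = [f.strip() for f in value.split(",")]
        if len(fields) < 3:
            continue  # malformed entry, nothing to classify
        filter_class, executable, run_as = fields[0], fields[1], fields[2]
        # Only CommandFilter is argument-blind; RegExpFilter, KillFilter and
        # similar classes constrain what follows the executable.
        if filter_class != "CommandFilter" or run_as != "root":
            continue
        base = executable.rsplit("/", 1)[-1]
        label = "file-primitive" if base in FILE_PRIMITIVES else "unrestricted-args"
        findings.append((name, base, label))
    return findings


if __name__ == "__main__":
    for name, command, label in audit_filters(SAMPLE_FILTERS):
        print(f"{name}: {command} runs as root with any arguments ({label})")
```
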