Comment 2 for bug 1989008

Ben Nemec (bnemec) wrote :

I don't know that there's anything we can do about this in privsep itself. As noted in the report, the docs already recommend against designs like this, but there's nothing we can do to stop people from implementing overly broad functions.

I think this is mainly a result of the Nova privsep migration being left in a partially-completed state. Originally the plan was to do a 1:1 migration of rootwrap to privsep, and then re-work the privileged functions to better fit the privsep paradigm. Since the second step hasn't happened (to my knowledge), we're still left with this problem, which is largely a carryover from the rootwrap design.