Comment 2 for bug 1819461

So I looked at this a bit more and it is not specific to nova. This is how kolla really works.

When a container calls '/usr/local/bin/kolla_start' the following line gets invoked:
sudo -E kolla_set_configs

This will make sure that we invoke kolla_set_config via sudo (in case we're running as a non-root user). From /etc/sudoers
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs

So now, given that this is how sudo/kolla work to set the configs, we need to find a way to avoid the denials.