Comment 3 for bug 918226

Nova is already launched without any root privileges. But the nova user is allowed to call a set of commands as root. For more explanation see http://fnords.wordpress.com/2011/11/23/improving-nova-privilege-escalation-model-part-1/ and subsequent posts in this series.