Nova is already launched without any root privileges. But the nova user is allowed to call a set of commands as root. For more explanation see http://fnords.wordpress.com/2011/11/23/improving-nova-privilege-escalation-model-part-1/ and subsequent posts in this series.
Nova is already launched without any root privileges. But the nova user is allowed to call a set of commands as root. For more explanation see http:// fnords. wordpress. com/2011/ 11/23/improving -nova-privilege -escalation- model-part- 1/ and subsequent posts in this series.