diff --git a/cinder/privsep/fs.py b/cinder/privsep/fs.py
new file mode 100644
index 00000000000..e788d4e6c11
--- /dev/null
+++ b/cinder/privsep/fs.py
@@ -0,0 +1,29 @@
+# Copyright 2018 Red Hat, Inc
+# Copyright 2017 Rackspace Australia
+# Copyright 2018 Michael Still and Aptira
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""
+Helpers for filesystem related routines.
+"""
+
+
+from oslo_concurrency import processutils
+
+import cinder.privsep
+
+
+@cinder.privsep.sys_admin_pctxt.entrypoint
+def umount(mountpoint):
+    processutils.execute('umount', mountpoint, attempts=1, delay_on_retry=True)
diff --git a/cinder/volume/drivers/nexenta/nfs.py b/cinder/volume/drivers/nexenta/nfs.py
index 0b0712786b8..1cd1f79925d 100644
--- a/cinder/volume/drivers/nexenta/nfs.py
+++ b/cinder/volume/drivers/nexenta/nfs.py
@@ -28,6 +28,7 @@ from cinder import db
 from cinder import exception
 from cinder.i18n import _
 from cinder import interface
+import cinder.privsep.fs
 from cinder.volume.drivers.nexenta import jsonrpc
 from cinder.volume.drivers.nexenta import options
 from cinder.volume.drivers.nexenta import utils
@@ -451,7 +452,7 @@ class NexentaNfsDriver(nfs.NfsDriver):  # pylint: disable=R0921
             mount_path = self.remote_path(volume).strip(
                 '/%s' % self.VOLUME_FILE_NAME)
             if mount_path in self._remotefsclient._read_mounts():
-                self._execute('umount', mount_path, run_as_root=True)
+                cinder.privsep.fs.umount(mount_path)
             try:
                 props = nms.folder.get_child_props(folder, 'origin') or {}
                 nms.folder.destroy(folder, '-r')
diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters
index e851f66a53f..d0da8edfac5 100644
--- a/etc/cinder/rootwrap.d/volume.filters
+++ b/etc/cinder/rootwrap.d/volume.filters
@@ -118,7 +118,6 @@ netapp_nfs_touch: CommandFilter, touch, root
 
 # cinder/volume/drivers/glusterfs.py
 chgrp: CommandFilter, chgrp, root
-umount: CommandFilter, umount, root
 
 # cinder/brick/initiator/connector.py:
 ls: CommandFilter, ls, root