e0460dea1b
In the privsep file, we limit capabilities, and only if the environment variable "VIRTUAL_ENV" is set, we add the c.CAP_DAC_READ_SEARCH capability. This makes deployment very difficult in Docker environments (e.g., Kolla). Looking at Nova and Cinder privsep, this condition does not exist. Change-Id: I0e0d6275bbd7695f836b40d462ef12aa27757968