Comment 6 for bug 1989008

I am not an expert on privsep, but do we know if the sockets are protected to the service account?

A quick search appears to point to /tmp locations:

https://opendev.org/openstack/nova/src/branch/master/etc/nova/rootwrap.d/compute.filters