Stuart: actually you want code to run as underprivileged as possible. Here none of glance (or nova) runs as root, which is good. Only the postinst packaging script (and upstart script) do... So maybe keeping /bin/bash as shell is the best trade-off.
Stuart: actually you want code to run as underprivileged as possible. Here none of glance (or nova) runs as root, which is good. Only the postinst packaging script (and upstart script) do... So maybe keeping /bin/bash as shell is the best trade-off.