As of Icehouse, oslo.rootwrap is released as a separate library, to be consumed by entry points defined in various OpenStack components. However it's far from addressing all the known issues.
The main issue is performance, especially in call-heavy consumers like Neutron. Various options were discussed on the ML, let's see what we want to do about it within the Juno cycle.
Other persistent issues are mostly linked to improving filter definitions in consuming projects to actually make rootwrap useful as a security device. We'll run through those and define easy targets (again).
