diff --git a/cinder/brick/local_dev/lvm.py b/cinder/brick/local_dev/lvm.py
index 3455a6af6e3..4231bf7f5bb 100644
--- a/cinder/brick/local_dev/lvm.py
+++ b/cinder/brick/local_dev/lvm.py
@@ -147,8 +147,7 @@ class LVM(executor.Executor):
         return exists
 
     def _create_vg(self, pv_list):
-        cmd = ['vgcreate', self.vg_name, ','.join(pv_list)]
-        self._execute(*cmd, root_helper=self._root_helper, run_as_root=True)
+        cinder.privsep.lvm.create_volume(self.vg_name, pv_list)
 
     def _get_thin_pool_free_space(self, vg_name, thin_pool_name):
         """Returns available thin pool free space.
diff --git a/cinder/privsep/lvm.py b/cinder/privsep/lvm.py
index aeb47fd6a44..cfa48af57cd 100644
--- a/cinder/privsep/lvm.py
+++ b/cinder/privsep/lvm.py
@@ -30,3 +30,9 @@ def udevadm_settle():
 def lvrename(vg_name, lv_name, new_name):
     processutils.execute(
         'lvrename', vg_name, lv_name, new_name)
+
+
+@cinder.privsep.sys_admin_pctxt.entrypoint
+def create_vg(vg_name, pv_list):
+    cmd = ['vgcreate', vg_name, ','.join(pv_list)]
+    processutils.execute(*cmd)
diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters
index dd8fb222ab3..cdd9b084f15 100644
--- a/etc/cinder/rootwrap.d/volume.filters
+++ b/etc/cinder/rootwrap.d/volume.filters
@@ -45,9 +45,6 @@ privsep-rootwrap-sys_admin: RegExpFilter, privsep-helper, root, privsep-helper,
 # is updated appropriately.
 drbdadm: CommandFilter, drbdadm, root
 
-# cinder/brick/local_dev/lvm.py: 'vgcreate', vg_name, pv_list
-vgcreate: CommandFilter, vgcreate, root
-
 # cinder/brick/local_dev/lvm.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
 # cinder/brick/local_dev/lvm.py: 'lvcreate', '-L', ...
 lvcreate: EnvFilter, env, root, LC_ALL=C, lvcreate