diff --git a/etc/glance/rootwrap.d/glance_cinder_store.filters b/etc/glance/rootwrap.d/glance_cinder_store.filters
index 39f7de6a..46c389b7 100644
--- a/etc/glance/rootwrap.d/glance_cinder_store.filters
+++ b/etc/glance/rootwrap.d/glance_cinder_store.filters
@@ -5,25 +5,8 @@
 # cinder store driver
 disk_chown: RegExpFilter, chown, root, chown, \d+, /dev/(?!.*/\.\.).*
 
-# os-brick
-mount: CommandFilter, mount, root
-blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
-tee: CommandFilter, tee, root
-mkdir: CommandFilter, mkdir, root
-chown: RegExpFilter, chown, root, chown root:root /etc/pstorage/clusters/(?!.*/\.\.).*
-ip: CommandFilter, ip, root
-dd: CommandFilter, dd, root
-iscsiadm: CommandFilter, iscsiadm, root
-aoe-revalidate: CommandFilter, aoe-revalidate, root
-aoe-discover: CommandFilter, aoe-discover, root
-aoe-flush: CommandFilter, aoe-flush, root
-read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi
-multipath: CommandFilter, multipath, root
-multipathd: CommandFilter, multipathd, root
-systool: CommandFilter, systool, root
-sg_scan: CommandFilter, sg_scan, root
-cp: CommandFilter, cp, root
-drv_cfg: CommandFilter, /opt/emc/scaleio/sdc/bin/drv_cfg, root, /opt/emc/scaleio/sdc/bin/drv_cfg, --query_guid
-sds_cli: CommandFilter, /usr/local/bin/sds/sds_cli, root
-vgc-cluster: CommandFilter, vgc-cluster, root
-scsi_id: CommandFilter, /lib/udev/scsi_id, root
+# os-brick library commands
+# os_brick.privileged.run_as_root oslo.privsep context
+# This line ties the superuser privs with the config files, context name,
+# and (implicitly) the actual python code invoked.
+privsep-rootwrap: RegExpFilter, privsep-helper, root, privsep-helper, --config-file, /etc/(?!\.\.).*, --privsep_context, os_brick.privileged.default, --privsep_sock_path, /tmp/.*
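Review bot: The `--config-file` pattern `/etc/(?!\.\.).*` in the new `privsep-rootwrap` filter rejects `..` only when it directly follows `/etc/`, so a path with a later `..` segment still matches and the root helper is not actually confined to configuration under `/etc`. The `--privsep_sock_path, /tmp/.*` argument has no traversal guard at all. I would reject `..` anywhere in both arguments, for example `/etc/(?!.*\.\.).*` and `/tmp/(?!.*\.\.).*`, or better, pin `--config-file` to the configuration paths the service really uses. Because this single line now gates every root operation os-brick performs, the comment above it should also state which config files are expected to match.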