Interface updates including chmod and sys_module
* Add account-control plug: This is required to enable chmod calls. * Add kernel-module-control plug: This is required to enable the sys_module capability. * Drop system-trace plug: This was raised during the review for auto-connecting interfaces for the nova-hypervisor snap [1]. The system-trace plug gives privileged access to all processes on the system, so ideally we don't want to connect it. I haven't hit any issues when testing without it. [1] forum.snapcraft.io/t/auto-connecting-the-nova-hypervisor-interfaces/1145 Change-Id: I9de1b0fff4e98df48a60202af53057f8edf662ba
This commit is contained in:
Corey Bryant
parent
676aef1290
commit
f62ba3e8f8
@ -23,10 +23,12 @@ apps:
|
|||||||
command: snap-openstack nova-compute
|
command: snap-openstack nova-compute
|
||||||
daemon: simple
|
daemon: simple
|
||||||
plugs:
|
plugs:
|
||||||
|
- account-control
|
||||||
|
- kernel-module-control
|
||||||
- network
|
- network
|
||||||
- network-bind
|
- network-bind
|
||||||
|
- network-control
|
||||||
- firewall-control
|
- firewall-control
|
||||||
- system-trace
|
|
||||||
- hardware-observe
|
- hardware-observe
|
||||||
- libvirt
|
- libvirt
|
||||||
- openvswitch
|
- openvswitch
|
||||||
@ -34,6 +36,7 @@ apps:
|
|||||||
command: snap-openstack nova-api-metadata
|
command: snap-openstack nova-api-metadata
|
||||||
daemon: simple
|
daemon: simple
|
||||||
plugs:
|
plugs:
|
||||||
|
- account-control
|
||||||
- network
|
- network
|
||||||
- network-bind
|
- network-bind
|
||||||
- firewall-control
|
- firewall-control
|
||||||
@ -41,44 +44,46 @@ apps:
|
|||||||
command: snap-openstack neutron-openvswitch-agent
|
command: snap-openstack neutron-openvswitch-agent
|
||||||
daemon: simple
|
daemon: simple
|
||||||
plugs:
|
plugs:
|
||||||
|
- account-control
|
||||||
- network
|
- network
|
||||||
- network-bind
|
- network-bind
|
||||||
- network-control
|
- network-control
|
||||||
- network-observe
|
- network-observe
|
||||||
- firewall-control
|
- firewall-control
|
||||||
- process-control
|
- process-control
|
||||||
- system-trace
|
|
||||||
- system-observe
|
- system-observe
|
||||||
- openvswitch
|
- openvswitch
|
||||||
neutron-l3-agent:
|
neutron-l3-agent:
|
||||||
command: snap-openstack neutron-l3-agent
|
command: snap-openstack neutron-l3-agent
|
||||||
daemon: simple
|
daemon: simple
|
||||||
plugs:
|
plugs:
|
||||||
|
- account-control
|
||||||
- network
|
- network
|
||||||
- network-bind
|
- network-bind
|
||||||
- network-control
|
- network-control
|
||||||
- network-observe
|
- network-observe
|
||||||
- firewall-control
|
- firewall-control
|
||||||
- process-control
|
- process-control
|
||||||
- system-trace
|
|
||||||
- system-observe
|
- system-observe
|
||||||
- openvswitch
|
- openvswitch
|
||||||
neutron-dhcp-agent:
|
neutron-dhcp-agent:
|
||||||
command: snap-openstack neutron-dhcp-agent
|
command: snap-openstack neutron-dhcp-agent
|
||||||
daemon: simple
|
daemon: simple
|
||||||
plugs:
|
plugs:
|
||||||
|
- account-control
|
||||||
|
- kernel-module-control
|
||||||
- network
|
- network
|
||||||
- network-bind
|
- network-bind
|
||||||
- network-control
|
- network-control
|
||||||
- network-observe
|
- network-observe
|
||||||
- process-control
|
- process-control
|
||||||
- system-trace
|
|
||||||
- system-observe
|
- system-observe
|
||||||
- openvswitch
|
- openvswitch
|
||||||
neutron-metadata-agent:
|
neutron-metadata-agent:
|
||||||
command: snap-openstack neutron-metadata-agent
|
command: snap-openstack neutron-metadata-agent
|
||||||
daemon: simple
|
daemon: simple
|
||||||
plugs:
|
plugs:
|
||||||
|
- account-control
|
||||||
- network
|
- network
|
||||||
- network-bind
|
- network-bind
|
||||||
- network-control
|
- network-control
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user