Drop privileges when running commands

Drop privileges to a regular user when running commands defined
by this snap.

Change-Id: I6b4526a53432992c201f0b2693598bd7f090b3a1
Corey Bryant 2017-05-17 19:47:05 +00:00
parent d9e1e5bfb2
commit 78c8c92b4b
2 changed files with 31 additions and 2 deletions


@ -1,12 +1,19 @@
setup:
users:
snap-nova-hypervisor: [snap-nova-hypervisor]
default-owner: "root:snap-nova-hypervisor"
dirs:
- "{snap_common}/etc"
- "{snap_common}/etc/nova"
- "{snap_common}/etc/nova/conf.d"
- "{snap_common}/etc/neutron"
- "{snap_common}/etc/neutron/conf.d"
- "{snap_common}/etc/neutron/plugins"
- "{snap_common}/etc/neutron/plugins/ml2"
- "{snap_common}/instances"
- "{snap_common}/lib"
- "{snap_common}/log"
- "{snap_common}/lock"
- "{snap_common}/log"
- "{snap_common}/run"
templates:
nova-snap.conf.j2: "{snap_common}/etc/nova/conf.d/nova-snap.conf"
@ -14,6 +21,12 @@ setup:
copyfiles:
"{snap}/etc/nova": "{snap_common}/etc/nova"
"{snap}/etc/neutron": "{snap_common}/etc/neutron"
rchown:
"{snap_common}/instances": "snap-nova-hypervisor:snap-nova-hypervisor"
"{snap_common}/lib": "snap-nova-hypervisor:snap-nova-hypervisor"
"{snap_common}/lock": "snap-nova-hypervisor:snap-nova-hypervisor"
"{snap_common}/log": "snap-nova-hypervisor:snap-nova-hypervisor"
"{snap_common}/run": "snap-nova-hypervisor:snap-nova-hypervisor"
entry_points:
nova-compute:
binary: "{snap}/bin/nova-compute"
@ -22,6 +35,8 @@ entry_points:
config-dirs:
- "{snap_common}/etc/nova/conf.d"
log-file: "{snap_common}/log/nova-compute.log"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
nova-api-metadata:
binary: "{snap}/bin/nova-api-metadata"
config-files:
@ -29,6 +44,8 @@ entry_points:
config-dirs:
- "{snap_common}/etc/nova/conf.d"
log-file: "{snap_common}/log/nova-api-metadata.log"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
neutron-openvswitch-agent:
binary: "{snap}/bin/neutron-openvswitch-agent"
config-files:
@ -37,18 +54,24 @@ entry_points:
config-dirs:
- "{snap_common}/etc/neutron/conf.d"
log-file: "{snap_common}/log/neutron-openvswitch-agent.log"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
neutron-ovs-cleanup:
binary: "{snap}/bin/neutron-ovs-cleanup"
config-files:
- "{snap_common}/etc/neutron/neutron.conf"
config-dirs:
- "{snap_common}/etc/neutron/conf.d"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
neutron-netns-cleanup:
binary: "{snap}/bin/neutron-netns-cleanup"
config-files:
- "{snap_common}/etc/neutron/neutron.conf"
config-dirs:
- "{snap_common}/etc/neutron/conf.d"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
neutron-l3-agent:
binary: "{snap}/bin/neutron-l3-agent"
config-files:
@ -57,6 +80,8 @@ entry_points:
config-dirs:
- "{snap_common}/etc/neutron/conf.d"
log-file: "{snap_common}/log/neutron-l3-agent.log"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
neutron-dhcp-agent:
binary: "{snap}/bin/neutron-dhcp-agent"
config-files:
@ -65,6 +90,8 @@ entry_points:
config-dirs:
- "{snap_common}/etc/neutron/conf.d"
log-file: "{snap_common}/log/neutron-dhcp-agent.log"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
neutron-metadata-agent:
binary: "{snap}/bin/neutron-metadata-agent"
config-files:
@ -73,3 +100,5 @@ entry_points:
config-dirs:
- "{snap_common}/etc/neutron/conf.d"
log-file: "{snap_common}/log/neutron-metadata-agent.log"
run-as:
snap-nova-hypervisor: [snap-nova-hypervisor]
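Review bot: Nothing in this file shows how entry points that need root-level operations keep working once `run-as` drops them to `snap-nova-hypervisor`; `neutron-netns-cleanup` and `neutron-ovs-cleanup` in particular exist to remove network namespaces and OVS ports, and the agents presumably rely on rootwrap or privsep for the same, but no such configuration is part of this change, so it should be confirmed (or referenced in the commit message) before the snap ships with these settings. Those two cleanup entry points also get `run-as` but, unlike every other entry point in the hunks, no `log-file:`, which makes a permission failure after the privilege drop hard to diagnose; if that is deliberate it deserves a comment. The `run-as` stanza repeats the `users:` shape from the first hunk without saying what the list means, so a one-line comment on the first occurrence would help, e.g. `# run-as: drop to this user (and, presumably, the listed supplementary groups) before exec'ing the binary`. The `default-owner: "root:snap-nova-hypervisor"` and `rchown` entries look consistent with that user only reading config and owning its state dirs, which is the right least-privilege split; just verify the copied config files end up group-readable, since that is not visible here.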


@ -80,7 +80,7 @@ parts:
bin:
- bin/dnsmasq
stage: [$bin]
snap: [$bin]
prime: [$bin]
openvswitch:
source: http://openvswitch.org/releases/openvswitch-2.6.1.tar.gz
plugin: autotools