From f62ba3e8f8e24d46e5ccc5160baaffe36f894cc0 Mon Sep 17 00:00:00 2001
From: Corey Bryant <corey.bryant@canonical.com>
Date: Fri, 30 Jun 2017 18:10:50 +0000
Subject: [PATCH] Interface updates including chmod and sys_module

* Add account-control plug: This is required to enable chmod calls.

* Add kernel-module-control plug: This is required to enable the sys_module
  capability.

* Drop system-trace plug: This was raised during the review for auto-connecting
  interfaces for the nova-hypervisor snap [1]. The system-trace plug gives
  privileged access to all processes on the system, so ideally we don't want to
  connect it. I haven't hit any issues when testing without it.

  [1] forum.snapcraft.io/t/auto-connecting-the-nova-hypervisor-interfaces/1145

Change-Id: I9de1b0fff4e98df48a60202af53057f8edf662ba
---
 snapcraft.yaml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/snapcraft.yaml b/snapcraft.yaml
index 85e92ca..967a49f 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -23,10 +23,12 @@ apps:
     command: snap-openstack nova-compute
     daemon: simple
     plugs:
+      - account-control
+      - kernel-module-control
       - network
       - network-bind
+      - network-control
       - firewall-control
-      - system-trace
       - hardware-observe
       - libvirt
       - openvswitch
@@ -34,6 +36,7 @@ apps:
     command: snap-openstack nova-api-metadata
     daemon: simple
     plugs:
+      - account-control
       - network
       - network-bind
       - firewall-control
@@ -41,44 +44,46 @@ apps:
     command: snap-openstack neutron-openvswitch-agent
     daemon: simple
     plugs:
+      - account-control
       - network
       - network-bind
       - network-control
       - network-observe
       - firewall-control
       - process-control
-      - system-trace
       - system-observe
       - openvswitch
   neutron-l3-agent:
     command: snap-openstack neutron-l3-agent
     daemon: simple
     plugs:
+      - account-control
       - network
       - network-bind
       - network-control
       - network-observe
       - firewall-control
       - process-control
-      - system-trace
       - system-observe
       - openvswitch
   neutron-dhcp-agent:
     command: snap-openstack neutron-dhcp-agent
     daemon: simple
     plugs:
+      - account-control
+      - kernel-module-control
       - network
       - network-bind
       - network-control
       - network-observe
       - process-control
-      - system-trace
       - system-observe
       - openvswitch
   neutron-metadata-agent:
     command: snap-openstack neutron-metadata-agent
     daemon: simple
     plugs:
+      - account-control
       - network
       - network-bind
       - network-control