diff --git a/templates/usr.bin.nova-compute b/templates/usr.bin.nova-compute
index 7223cfc7..9b4de5a0 100644
--- a/templates/usr.bin.nova-compute
+++ b/templates/usr.bin.nova-compute
@@ -31,6 +31,7 @@
   deny /* w,
 
   /bin/* rix,
+  /dev/ r,
   /dev/disk/** r,
   /dev/disk/by-id/* r,
   /dev/mapper/control wr,
@@ -74,7 +75,7 @@
   /run/libvirt/libvirt-sock rw,
   /run/lock/iscsi/ rw,
   /run/lock/iscsi/** rwl,
-  /run/lock/nova/nova-iptables wk,
+  /run/lock/nova/* wk,
   /run/lock/qemu-nbd-nbd* w,
   /run/openvswitch/db.sock rw,
   /run/uuidd/request rw,
@@ -93,6 +94,7 @@
   /{usr/,}sbin/e2label rix,
   /{usr/,}sbin/tune2fs rix,
   /sys/block/ r,
+  /sys/bus/scsi/devices/ r,
   /sys/class/fc_host/{,**} r,
   /sys/class/iscsi_host/ r,
   /sys/class/iscsi_session/ r,