Browse Source
(Not complete strict confinement, but these don't break anything devmode related, and get us closer to having strict confinement working.) Added more needed interfaces to snapcraft.yaml. Created a wrapper around dnsmasq so that we can run as the snap_daemon user. Added snap_daemon user to snapcraft.yaml. Added a utility script for connecting interfaces that don't auto connect (tools/connect.sh). Not useful for production, but saves a lot of time when testing. libvirt no longer uses unix sock group "sudo" (can't run setguid in strict confinement). Got rid of "find_missing_plugins" in init script. By the time we release strict confinement to production, all those plugins will auto connect. Change-Id: I8324ac7bd0332c41cac17703eb15d7301e7babf3changes/83/713883/2
7 changed files with 47 additions and 23 deletions
@ -0,0 +1,4 @@
|
||||
#!/bin/bash |
||||
# Wrapper for dnsmasq |
||||
|
||||
exec $SNAP/usr/sbin/dnsmasq-orig -u snap_daemon -g snap_daemon $@ |
@ -0,0 +1,15 @@
|
||||
#!/bin/bash |
||||
# |
||||
# Utility script for connecting all the interfaces that MicroStack |
||||
# wants. Useful for testing strict confinement. Not useful for use in |
||||
# the deployed snap, as it can run from within a snap. |
||||
|
||||
set -e |
||||
|
||||
for i in `sudo snap connections microstack`; do |
||||
if [[ $i =~ ^microstack:.* ]]; then |
||||
echo $i; |
||||
sudo snap connect $i; |
||||
fi |
||||
done |
||||
|
Loading…
Reference in new issue