* /var/lib/nova/networks should be readable by the `nobody' user,

because dnsmasq runs as nobody and reads its host list from there.

svn path=/nixos/trunk/; revision=26740
This commit is contained in:
Eelco Dolstra 2011-04-07 12:47:20 +00:00
parent 3836e8eb02
commit 05ff7baf48

View File

@ -59,7 +59,10 @@ in
system.activationScripts.nova =
''
mkdir -m 700 -p /var/lib/nova
mkdir -m 755 -p /var/lib/nova
mkdir -m 755 -p /var/lib/nova/networks
mkdir -m 700 -p /var/lib/nova/instances
mkdir -m 700 -p /var/lib/nova/keys
# Allow the CA certificate generation script (called by
# nova-api) to work.
@ -80,7 +83,9 @@ in
startOn = "ip-up";
path = [ pkgs.openssl ];
# `openssl' is required to generate the CA. `openssh' is
# required to generate key pairs.
path = [ pkgs.openssl pkgs.openssh ];
exec = "${nova}/bin/nova-api";
};
@ -95,6 +100,11 @@ in
startOn = "ip-up";
preStart =
''
mkdir -m 700 -p /var/lib/nova/images
'';
exec = "${nova}/bin/nova-objectstore --nodaemon";
};