diff --git a/templates/usr.bin.nova-compute b/templates/usr.bin.nova-compute
index 70b40b44..a72b1646 100644
--- a/templates/usr.bin.nova-compute
+++ b/templates/usr.bin.nova-compute
@@ -25,18 +25,22 @@
  network inet raw,
  network inet stream,
+ network unix stream,
  deny /* w,
  /bin/* rix,
+ /dev/disk/** r,
  /dev/nbd* rw,
  /dev/tty rw,
  /dev/pts/* r,
  /dev/sd* r,
  /etc/default/locale r,
  /etc/environment r,
- /etc/iscsi/initiatorname.iscsi r,
+ /etc/iscsi/** rw,
  /etc/machine-id r,
+ /etc/modprobe.d/ r,
+ /etc/modprobe.d/** r,
  /etc/mtab rw,
  /etc/nova/** r,
  /etc/ssh/ssh_config r,
@@ -45,6 +49,7 @@
  /etc/sudoers.d/ r,
  /etc/sudoers.d/* r,
  /proc/*/cmdline r,
+ /proc/cmdline r,
  /proc/sys/net/ipv6/conf/** w,
  /proc/*/task/*/comm wr,
  /proc/*/fd/ r,
@@ -55,11 +60,14 @@
  /proc/version r,
  /proc/loadavg r,
  /run/libvirt/libvirt-sock rw,
+ /run/lock/iscsi/ rw,
+ /run/lock/iscsi/** rwl,
  /run/lock/nova/nova-iptables wk,
  /run/lock/qemu-nbd-nbd* w,
  /run/openvswitch/db.sock rw,
  /sbin/blockdev rix,
  /sbin/brctl rix,
+ /sbin/iscsiadm rix,
  /sbin/ldconfig rix,
  /sbin/ldconfig.real rix,
  /sbin/mkfs rix,
@@ -68,16 +76,26 @@
  /sbin/xtables-multi rix,
  /sys/block/ r,
  /sys/class/fc_host/{,**} r,
+ /sys/class/iscsi_host/ r,
+ /sys/class/iscsi_session/ r,
+ /sys/class/iscsi_transport/ r,
+ /sys/class/scsi_host/ r,
  /sys/devices/pci*/** r,
  /sys/devices/pci/** r,
  /sys/devices/pci*/**/scan rw,
  /sys/devices/pci*/**/delete rw,
+ /sys/devices/platform/** rw,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/cpu/** r,
  /sys/devices/system/node/ r,
  /sys/devices/system/node/** r,
  /sys/devices/virtual/block/nbd*/ r,
+ /sys/devices/virtual/iscsi_transport/** r,
  /sys/devices/virtual/net/** w,
+ /sys/module/scsi_transport_iscsi/** r,
+ /sys/module/libiscsi/** r,
+ /sys/module/libiscsi_tcp/** r,
+ /sys/module/iscsi_tcp/** r,
  /tmp/{,**} rw,
  /{usr/,}lib/udev/scsi_id PUx,
  /usr/bin/ r,
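Review bot: `/etc/iscsi/** rw` in the first hunk replaces a single read of `initiatorname.iscsi` with recursive write access to the whole directory, which also makes `iscsid.conf` and the initiator name itself writable by the confined process. If the writes iscsiadm needs are confined to its node database (open-iscsi keeps it under `nodes/` and `send_targets/`), the narrower set `/etc/iscsi/initiatorname.iscsi r,`, `/etc/iscsi/iscsid.conf r,` and `/etc/iscsi/{nodes,send_targets}/{,**} rw,` keeps the daemon configuration read-only; confirm the exact set against the denials this change was derived from. The `/dev/disk/** r` and `/etc/modprobe.d/` additions are read-only and look fine.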
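Review bot: `/sbin/iscsiadm rix` in the third hunk runs iscsiadm inside the nova-compute profile, which is why its lock files, sysfs entries and config paths all have to be added here and why the third and fourth hunks grow the nova-compute profile rather than describing iscsiadm on its own. The profile already uses a separate transition for a helper (`/{usr/,}lib/udev/scsi_id PUx,`); a child profile (`Cx`) or a standalone profile (`Px`) for iscsiadm would keep the iSCSI-only grants, including `/run/lock/iscsi/** rwl`, out of the permissions nova-compute itself holds. If inheriting is deliberate for now, a short comment next to the line stating that the following iscsi rules exist for iscsiadm would help the next maintainer tell them apart from nova-compute's own needs.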
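Review bot: `/sys/devices/platform/** rw` in the fourth hunk is the only recursive write grant in this change that is not scoped to a device class: it allows writes to every attribute of every platform device, whereas the neighbouring pci rules limit writes to `scan` and `delete`. If the writes are for iSCSI session attributes (software iSCSI hosts are normally registered under `/sys/devices/platform/host*/`, to be verified from the recorded denials), `/sys/devices/platform/** r,` together with `/sys/devices/platform/host*/** rw,` keeps the remaining platform devices read-only. The `/sys/class/` and `/sys/module/` entries in the same hunk are read-only and look fine.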