Drop privileges when running commands

Drop privileges to a regular user when running commands defined
by this snap.

Change-Id: I8ada8f30506756a48a70063ac6444ee9167bfbc7

snap/snap-openstack.yaml

@@ -1,11 +1,20 @@
 setup:
+  users:
+    snap-glance: [snap-glance]
+  default-owner: "root:snap-glance"
   dirs:
+    - "{snap_common}/etc"
     - "{snap_common}/etc/glance/conf.d"
+    - "{snap_common}/lib"
     - "{snap_common}/lib/images"
-    - "{snap_common}/log"
     - "{snap_common}/lock"
+    - "{snap_common}/log"
   templates:
     glance-snap.conf.j2: "{snap_common}/etc/glance/conf.d/glance-snap.conf"
+  rchown:
+    "{snap_common}/lib": "snap-glance:snap-glance"
+    "{snap_common}/lock": "snap-glance:snap-glance"
+    "{snap_common}/log": "snap-glance:snap-glance"
 entry_points:
   glance-manage:
     binary: "{snap}/bin/glance-manage"
@@ -14,6 +23,8 @@ entry_points:
       - "{snap_common}/etc/glance/glance.conf"
     config-dirs:
       - "{snap_common}/etc/glance/conf.d"
+    run-as:
+      snap-glance: [snap-glance]
   glance-registry:
     binary: "{snap}/bin/glance-registry"
     config-files:
@@ -22,6 +33,8 @@ entry_points:
     config-dirs:
       - "{snap_common}/etc/glance/conf.d"
     log-file: "{snap_common}/log/glance-registry.log"
+    run-as:
+      snap-glance: [snap-glance]
   glance-api:
     binary: "{snap}/bin/glance-api"
     config-files:
@@ -30,3 +43,5 @@ entry_points:
     config-dirs:
       - "{snap_common}/etc/glance/conf.d"
     log-file: "{snap_common}/log/glance-api.log"
+    run-as:
+      snap-glance: [snap-glance]

snapcraft.yaml

@@ -77,7 +77,7 @@ parts:
         - etc/glance/*.ini
         - etc/glance/*.json
     stage: [$etc]
-    snap: [$etc]
+    prime: [$etc]
   python:
     source: https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tar.xz
     plugin: autotools