diff --git a/patches/drop-setuid-from-neutron.patch b/patches/drop-setuid-from-neutron.patch
new file mode 100644
index 0000000..36a6014
--- /dev/null
+++ b/patches/drop-setuid-from-neutron.patch
@@ -0,0 +1,22 @@
+Description: Drop code where neutron drops privileges from root.
+ This code isn't required because in strict mode we run everything
+ as root:root and setuid is not allowed by the current plugs.
+Author: Corey Bryant
+Forwarded: no
+
+---
+ neutron/agent/linux/daemon.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/neutron/agent/linux/daemon.py b/neutron/agent/linux/daemon.py
+index 6ad9ee3c8..23218eace 100644
+--- a/neutron/agent/linux/daemon.py
++++ b/neutron/agent/linux/daemon.py
+@@ -255,4 +255,3 @@ class Daemon(object):
+ """
+ if not self.watch_log:
+ unwatch_log()
+- drop_privileges(self.user, self.group)
+--
+2.11.0
+
diff --git a/patches/drop-use-of-fchownat.patch b/patches/drop-use-of-fchownat.patch
new file mode 100644
index 0000000..5b6cbfe
--- /dev/null
+++ b/patches/drop-use-of-fchownat.patch
@@ -0,0 +1,25 @@
+Description: Drop code that uses fchownat syscall as it's not covered
+ by any relevant plugs. This code isn't required because in strict
+ mode we run everything as root:root.
+Author: Corey Bryant
+Forwarded: no
+
+---
+ nova/virt/libvirt/driver.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index 0e8fe070..dfcb64bc 100644
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -2732,7 +2732,6 @@ class LibvirtDriver(driver.ComputeDriver):
+ i = 0 # in case there is a log rotation (like "virtlogd")
+ path = console_log
+ while bytes_to_read > 0 and os.path.exists(path):
+- libvirt_utils.chown(path, os.getuid())
+ with libvirt_utils.file_open(path, 'rb') as fp:
+ read_log_data, remaining = utils.last_bytes(fp, bytes_to_read)
+ # We need the log file content in chronological order,
+--
+2.11.0
+
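Review bot: In patches/drop-setuid-from-neutron.patch the `drop_privileges(self.user, self.group)` call is deleted unconditionally, so a configured `self.user`/`self.group` is now silently ignored and the daemon stays root with no trace of that in the code or the logs. The patch header justifies this by strict confinement, but the patched code does not check it; wherever the snap runs without strict confinement, the privilege drop was the remaining control and it is gone. I would leave a comment at the removal site, e.g. `# snap: stays root:root on purpose; limited by snap confinement, self.user/self.group are ignored`, and extend the Description to state that the user/group settings no longer have any effect. The enclosing Daemon method starts outside the inner hunk.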
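Review bot: In patches/drop-use-of-fchownat.patch the console-log read now depends on the process being root and on root being allowed to open a file it does not own, because the removed `libvirt_utils.chown(path, os.getuid())` was the step that made `path` readable by the caller. That assumption is stated only in the patch header; under confinement root's file access may be narrower than on a plain host (this presumably depends on the snap's plugs, to be confirmed), in which case `libvirt_utils.file_open(path, 'rb')` would fail where it used to succeed. I would add a comment at the removal site, e.g. `# snap: no chown here (fchownat is blocked); relies on running as root to read the log`, and verify against an instance whose console log is owned by the hypervisor's user. The enclosing LibvirtDriver method starts and ends outside the inner hunk.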
diff --git a/snapcraft.yaml b/snapcraft.yaml
index f3a81be..9218f8c 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -231,6 +231,8 @@ parts:
 export SNAP_ROOT="../../../"
 export SNAP_SITE_PACKAGES="$SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages"
 patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/oslo-config-dirs.patch
+ patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/drop-setuid-from-neutron.patch
+ patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/drop-use-of-fchownat.patch
 templates:
 after: [nova]
 plugin: dump
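Review bot: The two added `patch` invocations apply security-relevant changes (one removes a privilege drop) with patch's default fuzz and with unquoted `$SNAP_SITE_PACKAGES` and `$SNAP_ROOT`, copying the style of the existing oslo-config-dirs line. Both patches are marked `Forwarded: no` and carry only three lines of context, so after an upstream update they can apply with fuzz against changed surrounding code without anyone noticing. I would write `patch --fuzz=0 -d "$SNAP_SITE_PACKAGES" -p1 < "$SNAP_ROOT/patches/drop-setuid-from-neutron.patch"` (and the same for the fchownat patch) so that drift stops the build. Whether a failing `patch` aborts the build depends on the scriptlet's error handling, which starts outside this hunk and should be checked.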