revert i/b/microceph: allow more access for microceph-support (canoni…

…cal#13150) (canonical#13322) This reverts commit 29878c7. the permission are support permission for the service, not for the client side, so they were wrongly placed
olivercalder · Oct 23, 2023 · ebe7139 · ebe7139
1 parent 4a37a20
commit ebe7139
Showing 1 changed file with 0 additions and 15 deletions.
diff --git a/interfaces/builtin/microceph.go b/interfaces/builtin/microceph.go
@@ -32,21 +32,6 @@ const microcephConnectedPlugAppArmor = `
 # Description: allow access to the MicroCeph control socket.
 
 /var/snap/microceph/common/state/control.socket rw,
-
-# Allow bcache devices to be accessed since DM devices may be set up on top of those.
-/dev/bcache[0-9]{,[0-9],[0-9][0-9]} rwk,                   # bcache (up to 1000 devices)
-# Access to individual partitions
-/dev/hd[a-t][0-9]{,[0-9],[0-9][0-9]} rwk,                  # IDE, MFM, RLL
-/dev/sd{,[a-z]}[a-z][0-9]{,[0-9],[0-9][0-9]} rwk,          # SCSI
-/dev/vd{,[a-z]}[a-z][0-9]{,[0-9],[0-9][0-9]} rwk,          # virtio
-/dev/nvme{[0-9],[1-9][0-9]}n{[1-9],[1-5][0-9],6[0-3]}p[0-9]{,[0-9],[0-9][0-9]} rwk, # NVMe
-# Allow managing of rbd-backed block devices
-/sys/bus/rbd/add rwk,                                      # add block dev
-/sys/bus/rbd/remove rwk,                                   # remove block dev
-/sys/bus/rbd/add_single_major rwk,                         # add single major dev
-/sys/bus/rbd/remove_single_major rwk,                      # remove single major dev
-/sys/bus/rbd/supported_features r,                         # display enabled features
-/sys/bus/rbd/devices/** rwk,                               # manage individual block devs
 `
 
 const microcephConnectedPlugSecComp = `