Comment 4 for bug 2057937

Erik Meitner (eamuwmath) wrote :

Correct, apparmor is not installed and never was.

a)

systemctl cat apt-news.service
# /lib/systemd/system/apt-news.service
# APT News is hosted at https://motd.ubuntu.com/aptnews.json and can include
# timely information related to apt updates available to your system.
# This service runs in the background during an `apt update` to download the
# latest news and set it to appear in the output of the next `apt upgrade`.
# The script won't do anything if you've run: `pro config set apt_news=false`.
# The script will limit network requests to at most once per 24 hours.
# You can also host your own aptnews.json and configure your system to use it
# with the command:
# `pro config set apt_news_url=https://yourhostname/path/to/aptnews.json`

[Unit]
Description=Update APT News

[Service]
Type=oneshot
ExecStart=/usr/bin/python3 /usr/lib/ubuntu-advantage/apt_news.py
AppArmorProfile=ubuntu_pro_apt_news
CapabilityBoundingSet=~CAP_SYS_ADMIN
CapabilityBoundingSet=~CAP_NET_ADMIN
CapabilityBoundingSet=~CAP_NET_BIND_SERVICE
CapabilityBoundingSet=~CAP_SYS_PTRACE
CapabilityBoundingSet=~CAP_NET_RAW
PrivateTmp=true
RestrictAddressFamilies=~AF_NETLINK
RestrictAddressFamilies=~AF_PACKET
# These may break some tests, and should be enabled carefully
#NoNewPrivileges=true
#PrivateDevices=true
#ProtectControlGroups=true
# ProtectHome=true seems to reliably break the GH integration test with a lunar lxd on jammy host
#ProtectHome=true
#ProtectKernelModules=true
#ProtectKernelTunables=true
#ProtectSystem=full
#RestrictSUIDSGID=true
# Unsupported in bionic
# Suggestion from systemd.exec(5) manpage on SystemCallFilter
#SystemCallFilter=@system-service
#SystemCallFilter=~@mount
#SystemCallErrorNumber=EPERM
#ProtectClock=true
#ProtectKernelLogs=true

b) -rw-r--r-- 1 root root 945 Feb 29 08:03 /etc/apparmor.d/ubuntu_pro_apt_news

c) (aa is not installed)

d)

ii ubuntu-advantage-tools 31.2~22.04 all transitional dummy package for ubuntu-pro-client
ii ubuntu-pro-client 31.2~22.04 amd64 Management tools for Ubuntu Pro
un ubuntu-pro-client-l10n <none> <none> (no description available)

e) Python 3.10.12

f) (aa is not installed)