| Server IP : 49.231.201.246 / Your IP : 216.73.216.248 Web Server : Apache/2.4.18 (Ubuntu) System : Linux 246 4.4.0-210-generic #242-Ubuntu SMP Fri Apr 16 09:57:56 UTC 2021 x86_64 User : root ( 0) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /lib/systemd/system/ |
Upload File : |
# APT News is hosted at https://motd.ubuntu.com/aptnews.json and can include # timely information related to apt updates available to your system. # This service runs in the background during an `apt update` to download the # latest news and set it to appear in the output of the next `apt upgrade`. # The script won't do anything if you've run: `pro config set apt_news=false`. # The script will limit network requests to at most once per 24 hours. # You can also host your own aptnews.json and configure your system to use it # with the command: # `pro config set apt_news_url=https://yourhostname/path/to/aptnews.json` [Unit] Description=Update APT News [Service] Type=oneshot ExecStart=/usr/bin/python3 /usr/lib/ubuntu-advantage/apt_news.py AppArmorProfile=-ubuntu_pro_apt_news CapabilityBoundingSet=~CAP_SYS_ADMIN CapabilityBoundingSet=~CAP_NET_ADMIN CapabilityBoundingSet=~CAP_NET_BIND_SERVICE CapabilityBoundingSet=~CAP_SYS_PTRACE CapabilityBoundingSet=~CAP_NET_RAW PrivateTmp=true RestrictAddressFamilies=~AF_NETLINK RestrictAddressFamilies=~AF_PACKET # These may break some tests, and should be enabled carefully #NoNewPrivileges=true #PrivateDevices=true #ProtectControlGroups=true # ProtectHome=true seems to reliably break the GH integration test with a lunar lxd on jammy host #ProtectHome=true #ProtectKernelModules=true #ProtectKernelTunables=true #ProtectSystem=full #RestrictSUIDSGID=true # Unsupported in bionic # Suggestion from systemd.exec(5) manpage on SystemCallFilter #SystemCallFilter=@system-service #SystemCallFilter=~@mount #SystemCallErrorNumber=EPERM #ProtectClock=true #ProtectKernelLogs=true