| Server IP : 127.0.0.2 / Your IP : 3.149.230.10 Web Server : Apache/2.4.18 (Ubuntu) System : User : www-data ( ) PHP Version : 7.0.33-0ubuntu0.16.04.16 Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /etc/apparmor.d/ |
Upload File : |
include <tunables/global>
# attach_disconnected is needed here because this service runs with systemd's
# PrivateTmp=true
profile ubuntu_pro_apt_news flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/openssl>
include <abstractions/python>
# Needed because apt-news calls apt_pkg.init() which tries to
# switch to the _apt system user/group.
capability setgid,
capability setuid,
capability dac_read_search,
# GH: 3079
capability dac_override,
/etc/apt/** r,
/etc/default/apport r,
/etc/ubuntu-advantage/* r,
# GH: #3109
# Allow reading the os-release file (possibly a symlink to /usr/lib).
/{etc/,usr/lib/,lib/}os-release r,
/{,usr/}bin/python3.{1,}[0-9] mrix,
# "import uuid" in focal triggers an uname call
# And also see LP: #2067319
/{,usr/}bin/uname mrix,
/{,usr/}lib/apt/methods/http mrix,
/{,usr/}lib/apt/methods/https mrix,
/{,usr/}lib/ubuntu-advantage/apt_news.py r,
/usr/share/dpkg/* r,
/var/log/ubuntu-advantage.log rw,
/var/lib/ubuntu-advantage/** r,
/var/lib/ubuntu-advantage/messages/ rw,
/var/lib/ubuntu-advantage/messages/* rw,
/run/ubuntu-advantage/ rw,
/run/ubuntu-advantage/* rw,
/tmp/** r,
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/status r,
@{PROC}/@{pid}/cgroup r,
# see https://bugs.python.org/issue40501
/sbin/ldconfig rix,
/sbin/ldconfig.real rix,
@{PROC}/@{pid}/mounts r,
@{PROC}/@{pid}/status r,
/usr/bin/@{multiarch}-gcc-* rix,
/usr/bin/@{multiarch}-ld.bfd rix,
/usr/lib/gcc/@{multiarch}/*/collect2 rix,
/usr/bin/@{multiarch}-objdump rix,
# for some reason, these were just needed in xenial
capability chown,
capability fowner,
capability dac_override,
/etc/apt/auth.conf.d/90ubuntu-advantage rw,
/var/lib/apt/lists/partial/ rw,
/var/lib/apt/lists/partial/* rw,
/var/cache/apt/archives/partial/ rw,
/var/cache/apt/archives/partial/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/ubuntu_pro_apt_news>
}