apt-news.service: XXX remove all systemd restrictions

canonical · Dec 3, 2023 · 676ab8e · 676ab8e
1 parent 71a753f
commit 676ab8e
Showing 1 changed file with 16 additions and 16 deletions.
diff --git a/systemd/apt-news.service b/systemd/apt-news.service
@@ -15,22 +15,22 @@ Description=Update APT News
 Type=oneshot
 ExecStart=/usr/bin/python3 /usr/lib/ubuntu-advantage/apt_news.py
 AppArmorProfile=ubuntu_advantage_apt_news
-CapabilityBoundingSet=~CAP_SYS_ADMIN
-CapabilityBoundingSet=~CAP_NET_ADMIN
-CapabilityBoundingSet=~CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=~CAP_SYS_PTRACE
-CapabilityBoundingSet=~CAP_NET_RAW
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectSystem=full
-RestrictAddressFamilies=~AF_NETLINK
-RestrictAddressFamilies=~AF_PACKET
-RestrictSUIDSGID=true
+#CapabilityBoundingSet=~CAP_SYS_ADMIN
+#CapabilityBoundingSet=~CAP_NET_ADMIN
+#CapabilityBoundingSet=~CAP_NET_BIND_SERVICE
+#CapabilityBoundingSet=~CAP_SYS_PTRACE
+#CapabilityBoundingSet=~CAP_NET_RAW
+#NoNewPrivileges=true
+#PrivateDevices=true
+#PrivateTmp=true
+#ProtectControlGroups=true
+#ProtectHome=true
+#ProtectKernelModules=true
+#ProtectKernelTunables=true
+#ProtectSystem=full
+#RestrictAddressFamilies=~AF_NETLINK
+#RestrictAddressFamilies=~AF_PACKET
+#RestrictSUIDSGID=true
 # Unsupported in bionic
 # XXX find a way to handle this dynamically
 # Suggestion from systemd.exec(5) manpage on SystemCallFilter