From c946f0bf75f9529014c79ff591d6f953ce56b416 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Mon, 18 Apr 2022 20:49:22 +0200
Subject: [PATCH] Allow reading all of /etc/php[578]/** in abstractions/php
... and with that, make a rule in the php-fpm profile (which missed php8) superfluous.
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/229
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1186267#c11
---
profiles/apparmor.d/abstractions/php | 3 +--
profiles/apparmor.d/php-fpm | 2 --
2 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php
index ddafb0770..6bf0dc798 100644
--- a/profiles/apparmor.d/abstractions/php
+++ b/profiles/apparmor.d/abstractions/php
@@ -13,8 +13,7 @@ abi ,
 # shared snippets for config files
- /etc/php{,5,7,8}/**/ r,
- /etc/php{,5,7,8}/**.ini r,
+ /etc/php{,5,7,8}/** r,
 # Xlibs /usr/X11R6/lib{,32,64}/lib*.so* mr,
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
index b25762c50..14b3c7195 100644
--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
@@ -16,8 +16,6 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
 # read the system certificates include
- /etc/php{,5,7}/** r,
- capability net_admin, # change user/group of a pool capability setuid,
--
GitLab
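Review bot: The new rule `/etc/php{,5,7,8}/** r,` in abstractions/php gives read access to every file under the PHP config trees to every profile that includes this abstraction, not only php-fpm. The two removed rules limited that access to directories and `*.ini` files. If the aim is only to cover php8 for php-fpm, as the commit message suggests, a narrower fix would be to leave the abstraction unchanged and extend the php-fpm rule to `/etc/php{,5,7,8}/** r,`. If the wider grant is intended, it should be recorded above the rule, e.g. `# whole tree is readable by all profiles including this abstraction; do not store secrets here`. The context lines around this hunk are only partly recoverable from the page, so other rules in the abstraction were not checked.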