c1b382df0e
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) OBS-URL: https://build.opensuse.org/request/show/973915 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=329
47 lines
1.4 KiB
Diff
47 lines
1.4 KiB
Diff
From c946f0bf75f9529014c79ff591d6f953ce56b416 Mon Sep 17 00:00:00 2001
|
|
From: Christian Boltz <apparmor@cboltz.de>
|
|
Date: Mon, 18 Apr 2022 20:49:22 +0200
|
|
Subject: [PATCH] Allow reading all of /etc/php[578]/** in abstractions/php
|
|
|
|
... and with that, make a rule in the php-fpm profile (which missed
|
|
php8) superfluous.
|
|
|
|
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/229
|
|
|
|
Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1186267#c11
|
|
---
|
|
profiles/apparmor.d/abstractions/php | 3 +--
|
|
profiles/apparmor.d/php-fpm | 2 --
|
|
2 files changed, 1 insertion(+), 4 deletions(-)
|
|
|
|
diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php
|
|
index ddafb0770..6bf0dc798 100644
|
|
--- a/profiles/apparmor.d/abstractions/php
|
|
+++ b/profiles/apparmor.d/abstractions/php
|
|
@@ -13,8 +13,7 @@
|
|
abi <abi/3.0>,
|
|
|
|
# shared snippets for config files
|
|
- /etc/php{,5,7,8}/**/ r,
|
|
- /etc/php{,5,7,8}/**.ini r,
|
|
+ /etc/php{,5,7,8}/** r,
|
|
|
|
# Xlibs
|
|
/usr/X11R6/lib{,32,64}/lib*.so* mr,
|
|
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
|
|
index b25762c50..14b3c7195 100644
|
|
--- a/profiles/apparmor.d/php-fpm
|
|
+++ b/profiles/apparmor.d/php-fpm
|
|
@@ -16,8 +16,6 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
|
|
# read the system certificates
|
|
include <abstractions/ssl_certs>
|
|
|
|
- /etc/php{,5,7}/** r,
|
|
-
|
|
capability net_admin,
|
|
# change user/group of a pool
|
|
capability setuid,
|
|
--
|
|
GitLab
|
|
|