Christian Boltz
65d1693eee
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) OBS-URL: https://build.opensuse.org/request/show/999408 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=348
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
From d8533ec851ccf188b17136fdab67d0481cae357d Mon Sep 17 00:00:00 2001
|
|
From: David Disseldorp <ddiss@suse.de>
|
|
Date: Thu, 25 Aug 2022 23:44:16 +0200
|
|
Subject: [PATCH] profiles: permit php-fpm pid files directly under run/
|
|
|
|
The upstream php-fpm.conf file carries the following pid file example
|
|
path:
|
|
[global]
|
|
; Pid file
|
|
; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@
|
|
; Default Value: none
|
|
;pid = run/php-fpm.pid
|
|
|
|
Add this path to profiles/apparmor.d/php-fpm, alongside the current
|
|
nested "@{run}/php{,-fpm}/php*-fpm.pid" wildcard.
|
|
|
|
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/267
|
|
|
|
Suggested-by: Ali Abdallah <ali.abdallah@suse.com>
|
|
Signed-off-by: David Disseldorp <ddiss@suse.de>
|
|
---
|
|
profiles/apparmor.d/php-fpm | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
|
|
index 14b3c719..0dcc8c7d 100644
|
|
--- a/profiles/apparmor.d/php-fpm
|
|
+++ b/profiles/apparmor.d/php-fpm
|
|
@@ -35,6 +35,7 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
|
|
|
|
# we need to be able to create all sockets
|
|
@{run}/php{,-fpm}/php*-fpm.pid rw,
|
|
+ @{run}/php*-fpm.pid rw,
|
|
@{run}/php{,-fpm}/php*-fpm.sock rwlk,
|
|
|
|
# to reload
|
|
--
|
|
2.35.3
|
|
|