Merge profiles: installation of php-fpm needs w @{run}/systemd/notify

Installation of php-fpm fails on Ubuntu because the profile does not allow writing to /run/systemd/notify. Fixes: https://bugs.launchpad.net/bugs/2061113 Signed-off-by: Georgia Garcia georgia.garcia@canonical.com I propose this fix for 4.0 and master. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1251 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de> (cherry picked from commit 70ddb0ca5b) 49aa7ae3 profiles: installation of php-fpm needs w @{run}/systemd/notify Co-authored-by: Christian Boltz <apparmor@cboltz.de>
2025-09-05 08:45:22 +00:00 · 2024-06-05 16:56:48 +00:00
parent e3be2e52ea
commit a866d77e72
1 changed files with 3 additions and 0 deletions
--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
@@ -36,6 +36,9 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
  @{run}/php*-fpm.pid rw,
  @{run}/php{,-fpm}/php*-fpm.sock rwlk,

+  # LP: #2061113
+  owner @{run}/systemd/notify w,
+
  # to reload
  /usr/sbin/php-fpm* rix,