mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

profiles: permit php-fpm pid files directly under run/

Browse Source 
The upstream php-fpm.conf file carries the following pid file example
path:
  [global]
  ; Pid file
  ; Note: the default prefix is @EXPANDED_LOCALSTATEDIR@
  ; Default Value: none
  ;pid = run/php-fpm.pid

Add this path to profiles/apparmor.d/php-fpm, alongside the current
nested "@{run}/php{,-fpm}/php*-fpm.pid" wildcard.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/267

Suggested-by: Ali Abdallah <ali.abdallah@suse.com>
Signed-off-by: David Disseldorp <ddiss@suse.de>
This commit is contained in:
David Disseldorp 2022-08-25 23:44:16 +02:00
parent 8e8aad4eae
commit d8533ec851
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
profiles/apparmor.d/php-fpm
View File

@ -35,6 +35,7 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
# we need to be able to create all sockets
@{run}/php{,-fpm}/php*-fpm.pid rw,
@{run}/php*-fpm.pid rw,
@{run}/php{,-fpm}/php*-fpm.sock rwlk,
# to reload