[apparmor] [patch] abstractions/php: allow access to conf.d/ config files
Felix Geyer
debfx at ubuntu.com
Mon Apr 28 21:21:38 UTC 2014
On Ubuntu trusty the php package creates config symlinks in
/etc/php5/cli/conf.d/, /etc/php5/cgi/conf.d/ and /etc/php5/fpm/conf.d/
to /etc/php5/mods-available/.
For example:
% ls -ahl /etc/php5/cgi/conf.d/
total 4.0K
lrwxrwxrwx 1 root root 32 Apr 24 01:00 05-opcache.ini -> ../../mods-available/opcache.ini
[...]
Allow access to these paths.
I have split the rules in order to not have long lines.
=== modified file 'profiles/apparmor.d/abstractions/php5'
--- profiles/apparmor.d/abstractions/php5 2010-03-30 17:34:32 +0000
+++ profiles/apparmor.d/abstractions/php5 2014-04-28 21:18:08 +0000
@@ -11,8 +11,10 @@
# ------------------------------------------------------------------
# shared snippets for config files
- /etc/php5/{conf.d,apache2,cli,fastcgi,cgi}/ r,
- /etc/php5/{conf.d,apache2,cli,fastcgi,cgi}/*.ini r,
+ /etc/php5/{conf.d,mods-available}/ r,
+ /etc/php5/{apache2,cli,cli/conf.d,fastcgi,cgi,cgi/conf.d,fpm,fpm/conf.d}/ r,
+ /etc/php5/{conf.d,mods-available}/*.ini r,
+ /etc/php5/{apache2,cli,cli/conf.d,fastcgi,cgi,cgi/conf.d,fpm,fpm/conf.d}/*.ini r,
# Xlibs
/usr/X11R6/lib{,32,64}/lib*.so* mr,
More information about the AppArmor
mailing list