[apparmor] [patch 2/3] profiles: allow php5 abstraction access to Zend opcache files
Seth Arnold
seth.arnold at canonical.com
Thu Jun 19 06:44:26 UTC 2014
On Wed, Jun 18, 2014 at 05:44:04PM -0700, Steve Beattie wrote:
> Allow php5 abstraction to access Zend opcache files.
>
> [Personally, I don't really like things like this ending up in /tmp,
> as there's no need for it; but it's not obvious to me looking at
> http://www.php.net/manual/en/opcache.configuration.php if there's a
> way to configure things such that the opcache files end up in a php
> specific directory, that we could advocate packagers should make as
> the default.]
Blech. Annoying php.
Maybe add 'owner'? I'm not entirely sure how PHP expects these things to
be used but it feels like a sane thing to require that the reader and
writer be the same uid.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
> profiles/apparmor.d/abstractions/php5 | 3 +++
> 1 file changed, 3 insertions(+)
>
> Index: b/profiles/apparmor.d/abstractions/php5
> ===================================================================
> --- a/profiles/apparmor.d/abstractions/php5
> +++ b/profiles/apparmor.d/abstractions/php5
> @@ -30,3 +30,6 @@
>
> # MySQL extension
> /usr/share/mysql/** r,
> +
> + # Zend opcache
> + /tmp/.ZendSem.* rwlk,
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140618/89937140/attachment.pgp>
More information about the AppArmor
mailing list