[apparmor] [patch 2/3] profiles: allow php5 abstraction access to Zend opcache files
Kees Cook
kees at ubuntu.com
Fri Jun 20 16:16:15 UTC 2014
On Wed, Jun 18, 2014 at 11:44:26PM -0700, Seth Arnold wrote:
> On Wed, Jun 18, 2014 at 05:44:04PM -0700, Steve Beattie wrote:
> > Allow php5 abstraction to access Zend opcache files.
> >
> > [Personally, I don't really like things like this ending up in /tmp,
> > as there's no need for it; but it's not obvious to me looking at
> > http://www.php.net/manual/en/opcache.configuration.php if there's a
> > way to configure things such that the opcache files end up in a php
> > specific directory, that we could advocate packagers should make as
> > the default.]
>
> Blech. Annoying php.

Yes. This took a long time to find digging through PHP code to find the
file pattern. :)

> Maybe add 'owner'? I'm not entirely sure how PHP expects these things to
> be used but it feels like a sane thing to require that the reader and
> writer be the same uid.

Yeah, "owner" seems like a good idea.

-Kees

>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
>
> Thanks
>
> > ---
> > profiles/apparmor.d/abstractions/php5 | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > Index: b/profiles/apparmor.d/abstractions/php5
> > ===================================================================
> > --- a/profiles/apparmor.d/abstractions/php5
> > +++ b/profiles/apparmor.d/abstractions/php5
> > @@ -30,3 +30,6 @@
> >
> > # MySQL extension
> > /usr/share/mysql/** r,
> > +
> > + # Zend opcache
> > + /tmp/.ZendSem.* rwlk,
> >
> >
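Review bot: the added rule "/tmp/.ZendSem.* rwlk," has no "owner" qualifier, so every profile that includes this abstraction gets read, write, link and lock access to any file matching the pattern in the shared /tmp directory, regardless of which uid created it. Writing it as "owner /tmp/.ZendSem.* rwlk," limits the grant to files owned by the confined process's own uid, which is the reader-equals-writer constraint raised in the thread. The "# Zend opcache" comment could also record that the file pattern was taken from the PHP source, since the opcache configuration documentation linked in the commit message does not make it obvious.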
--
Kees Cook