This was fixed in utopic in apparmor 2.8.98-0ubuntu2.
** Changed in: apparmor (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1401084
Title:
Missing rules in php5 abstraction
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
[impact]
This bug prevents the proper functioning of apache mod_php with
mod_apparmor.
[steps to reproduce]
1) setuo apache and mod_php, verify php scripts are working
2) stop apache2
3) install mod_apparmor
4) restart apache2
5) with fix applied, apache should not generate rejections for /tmp/.ZendSem.*
for php scripts confined by mod_apparmor
[regression potential]
The change to the php abstraction in the patch for this bug is a
slight loosening of the apparmor policy. The risk of an introduced
regression is small.
[original description]
I am using apache mod_apparmor with a wordpress blog. In my rules I have:
#include <abstractions/php5>
But this did not allow all access that was needed:
apparmor="DENIED" operation="file_lock"
profile="/usr/sbin/apache2//myvhost.example.com" name="/tmp/.ZendSem.Y5Ghmr"
pid=21874 comm="apache2" requested_mask="k" denied_mask="k" fsuid=33 ouid=0
apparmor="DENIED" operation="file_lock"
profile="/usr/sbin/apache2//myvhost.example.com" name="/tmp/.ZendSem.Y5Ghmr"
pid=21874 comm="apache2" requested_mask="wk" denied_mask="wk" fsuid=33 ouid=0
This access seems to be needed by opcache module, I found some info about it
here:
https://lists.ubuntu.com/archives/apparmor/2014-June/005879.html
Ubuntu 14.04.1
apparmor 2.8.95~2430-0ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1401084/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
