Here's a patch to fix this for trusty.

** Patch added: "php5-Zend_semaphore-lp1401084.patch"
   https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1401084/+attachment/4399530/+files/php5-Zend_semaphore-lp1401084.patch

** Description changed:

+ [impact]
+ 
+ This bug prevents the proper functioning of apache mod_php with
+ mod_apparmor.
+ 
+ [steps to reproduce]
+ 
+ 1) setuo apache and mod_php, verify php scripts are working
+ 2) stop apache2
+ 3) install mod_apparmor
+ 4) restart apache2
+ 5) with fix applied, apache should not generate rejections for /tmp/.ZendSem.*
+ for php scripts confined by mod_apparmor
+ 
+ [regression potential]
+ 
+ The change to the php abstraction in the patch for this bug is a
+ slight loosening of the apparmor policy. The risk of an introduced
+ regression is small.
+ 
+ [original description]
+ 
  I am using apache mod_apparmor with a wordpress blog. In my rules I have:

  #include <abstractions/php5>

  But this did not allow all access that was needed:

  apparmor="DENIED" operation="file_lock" profile="/usr/sbin/apache2//myvhost.example.com" name="/tmp/.ZendSem.Y5Ghmr" pid=21874 comm="apache2" requested_mask="k" denied_mask="k" fsuid=33 ouid=0
  apparmor="DENIED" operation="file_lock" profile="/usr/sbin/apache2//myvhost.example.com" name="/tmp/.ZendSem.Y5Ghmr" pid=21874 comm="apache2" requested_mask="wk" denied_mask="wk" fsuid=33 ouid=0

  This access seems to be needed by opcache module, I found some info about it here:
  https://lists.ubuntu.com/archives/apparmor/2014-June/005879.html

  Ubuntu 14.04.1
  apparmor 2.8.95~2430-0ubuntu5.1

https://bugs.launchpad.net/bugs/1401084

Title:
  Missing rules in php5 abstraction
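
Review bot: the [regression potential] paragraph calls the change "a slight loosening of the apparmor policy" without naming the rule being added. The denials quoted in the original description are file_lock requests with masks "k" and "wk" on /tmp/.ZendSem.*, so the text should state the exact path glob and permissions added to the php abstraction so the scope of the loosening can be judged. In [steps to reproduce], step 1 has the typo "setuo", step 5 describes the expected result rather than an action, and no step says to request a php script under the confined vhost after the restart or what denial is expected in the log without the fix.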
