Home Sign Up Sign In
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member  Sign In
dzdh
V2EX  ›  问与答

有人用 opensuse & apparmor 么? 碰到问题(nginx & PHP -fpm)

  •   
  •   dzdh · May 17, 2021 · 918 views
    This topic created in 1818 days ago, the information mentioned may be changed or developed.

    系统自己安装的 apparmor-profiles 。自带了 php-fpm 的 apparmor 策略。

    php-fpm user:wwwrun group:wwwrun

    nginx: nginx

    root /srv/www/htdocs/index.php

    php-fpm 策略默认。

    访问提示 403 access denied.

    增加了一个自定义策略 /etc/apparmor.d/php-fpm.d/wwwpool:

    profile wwwpool {
    include <abstractions/php-worker>
    /srv/www/** rwlk,
}

    /test.php 依然提示 403.

    aa-disable php-fpm && aa-enforce php-fpm 就可以访问(ps auxZ 先显示 unconfined 然后变成了 enforce 在 restart php-fpm 之后)

    日志里type=AVC msg=audit(1621209360.347:863): apparmor="DENIED" operation="open" profile="php-fpm" name="/srv/www/htdocs/index.php" pid=1769 comm="php-fpm" requested_mask="r" denied_mask="r" fsuid=467 ouid=0

    应该怎么正确配置?

    No Comments Yet
    php-fpmapparmorNginxsrv
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   5852 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 30ms · UTC 06:13 · PVG 14:13 · LAX 23:13 · JFK 02:13
    ♥ Do have faith in what you're doing.