On Wed, Jun 18, 2014 at 11:44:26PM -0700, Seth Arnold wrote: > On Wed, Jun 18, 2014 at 05:44:04PM -0700, Steve Beattie wrote: > > Allow php5 abstraction to access Zend opcache files. > > > > [Personally, I don't really like things like this ending up in /tmp, > > as there's no need for it; but it's not obvious to me looking at > > http://www.php.net/manual/en/opcache.configuration.php if there's a > > way to configure things such that the opcache files end up in a php > > specific directory, that we could advocate packagers should make as > > the default.] > > Blech. Annoying php.
Yes. This took a long time to find digging through PHP code to find the file pattern. :) > Maybe add 'owner'? I'm not entirely sure how PHP expects these things to > be used but it feels like a sane thing to require that the reader and > writer be the same uid. Yeah, "owner" seems like a good idea. -Kees > > Acked-by: Seth Arnold <seth.arn...@canonical.com> > > Thanks > > > --- > > profiles/apparmor.d/abstractions/php5 | 3 +++ > > 1 file changed, 3 insertions(+) > > > > Index: b/profiles/apparmor.d/abstractions/php5 > > =================================================================== > > --- a/profiles/apparmor.d/abstractions/php5 > > +++ b/profiles/apparmor.d/abstractions/php5 > > @@ -30,3 +30,6 @@ > > > > # MySQL extension > > /usr/share/mysql/** r, > > + > > + # Zend opcache > > + /tmp/.ZendSem.* rwlk, > > > > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor -- Kees Cook -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor