[pkg-apparmor] Bug#905342: apache fpm not working anymore
intrigeri
intrigeri at debian.org
Sat Aug 4 03:02:55 BST 2018
Control: tag -1 + moreinfo
Hi Ivan,
Ivan Sergio Borgonovo:
> I've a lxc guest running apache php fpm for horde.
> lxc guest and host both were running apparmor.
> Host was updated from 2.12-5 to 2.13-6.
> Guest was updated from 2.13-4 to 2.13-6.
Can you confirm this happens on Debian testing?
What exact kernel are you running?
> After upgrading apparmor horde stopped working.
> I downgraded apparmor on the host and still horde on the guest was not working.
> After downgrading apparmor on the guest horde started to work again.
> Problems seems related to apparmor recipes rather than in binaries since by mistake
> I forgot to downgrade the apparmor package in the guest and things were working.
I'm curious how AppArmor is involved, because AFAIK Debian testing
does not enable any AppArmor confinement for Apache/PHP:
- do you have libapache2-mod-apparmor installed?
did you do anything to enable and use it?
- I see that recent php-fpm have support for switching AppArmor
"hats"; did you enable this?
> related log entries may be
> Aug 1 19:46:50 caronte kernel: [265475.231940] audit: type=1400
> audit(1533145610.777:245): apparmor="STATUS" operation="profile_replace" info="same
> as current profile, skipping" profile="unconfined" name="klogd" pid=19732
> comm="apparmor_parser"
Sadly, this one is irrelevant. Please provide some more info:
- the output of "journalctl -b | grep apparmor"
- the output of "aa-status"
Also, https://wiki.debian.org/AppArmor/Debug might help.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list