[pkg-apparmor] Bug#905342: apache fpm not working anymore
Ivan Sergio Borgonovo
ivan.s.b at gmail.com
Tue Aug 14 00:01:59 BST 2018
Hi,
finally I've something interesting that may help to fix the problem.
It seems that the new apparmor makes php-fpm start time sensibly higher
and systemd times out.
There is a correlation between php-fpm slowing down and the new version
of apparmor but at the moment I just increased systemd timeout
(TimeoutStartSec).
If you have any suggestions for collecting any information that could be
useful, let me know.
On 08/04/2018 04:02 AM, intrigeri wrote:
> Control: tag -1 + moreinfo
>
> Hi Ivan,
>
> Ivan Sergio Borgonovo:
>> I've a lxc guest running apache php fpm for horde.
>> lxc guest and host both were running apparmor.
>
>> Host was updated from 2.12-5 to 2.13-6.
>> Guest was updated from 2.13-4 to 2.13-6.
>
> Can you confirm this happens on Debian testing?
>
> What exact kernel are you running?
>
>> After upgrading apparmor horde stopped working.
>
>> I downgraded apparmor on the host and still horde on the guest was not working.
>> After downgrading apparmor on the guest horde started to work again.
>
>> Problem seems related to apparmor recipes rather than to binaries, since by mistake
>> I forgot to downgrade the apparmor package in the guest and things were working.
>
> I'm curious how AppArmor is involved, because AFAIK Debian testing
> does not enable any AppArmor confinement for Apache/PHP:
>
> - do you have libapache2-mod-apparmor installed?
> did you do anything to enable and use it?
>
> - I see that recent php-fpm have support for switching AppArmor
> "hats"; did you enable this?
>
>> related log entries may be
>
>> Aug 1 19:46:50 caronte kernel: [265475.231940] audit: type=1400
>> audit(1533145610.777:245): apparmor="STATUS" operation="profile_replace" info="same
>> as current profile, skipping" profile="unconfined" name="klogd" pid=19732
>> comm="apparmor_parser"
>
> Sadly, this one is irrelevant. Please provide some more info:
>
> - the output of "journalctl -b | grep apparmor"
> - the output of "aa-status"
>
> Also, https://wiki.debian.org/AppArmor/Debug might help.
>
> Cheers,
>
--
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net
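
Added example, not part of the original message or of any Debian/AppArmor tooling: a small filter for the output of "journalctl -b | grep apparmor" that separates profile-load STATUS records, like the one quoted above, from records where AppArmor actually mediated a confined process. The second sample line, including its profile name and path, is constructed for illustration.

```python
import re
from collections import Counter

# key="quoted value" or key=bare_value pairs as found in kernel audit records
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_apparmor(line):
    """Return the key/value fields of an AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted if quoted else bare
            for key, quoted, bare in PAIR.findall(line)}

def enforcement_events(lines):
    """Keep records where a confined process was mediated:
    DENIED (enforce mode) or ALLOWED (complain mode)."""
    events = []
    for line in lines:
        rec = parse_apparmor(line)
        if rec and rec.get("apparmor") in ("DENIED", "ALLOWED"):
            events.append(rec)
    return events

def summarize(lines):
    """Count records per apparmor= record type (STATUS, DENIED, ...)."""
    recs = (parse_apparmor(line) for line in lines)
    return Counter(r["apparmor"] for r in recs if r and "apparmor" in r)

SAMPLE = [
    # From the report above, joined onto one line
    'Aug 1 19:46:50 caronte kernel: [265475.231940] audit: type=1400 '
    'audit(1533145610.777:245): apparmor="STATUS" operation="profile_replace" '
    'info="same as current profile, skipping" profile="unconfined" '
    'name="klogd" pid=19732 comm="apparmor_parser"',
    # Constructed: the shape of a denial against a hypothetical profile
    'Aug 1 19:47:02 guest kernel: [265487.000000] audit: type=1400 '
    'audit(1533145622.000:246): apparmor="DENIED" operation="open" '
    'profile="example-profile" name="/example/path" pid=1234 '
    'comm="example" requested_mask="r" denied_mask="r" fsuid=33 ouid=0',
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    for ev in enforcement_events(SAMPLE):
        print(ev["apparmor"], ev["profile"], ev["operation"], ev["name"])
```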