Php-fpm apparmor="DENIED" open

Hi everyone,

I just update to the latest version and i’ve got trouble with apparmor and php-fpm.
Nginx returns access denied and i got this messages in journalctl :

fév 04 20:20:39 zbox kernel: audit: type=1400 audit(1738696839.569:560): apparmor=“DENIED” operation=“open” class=“file” profile=“php-fpm” name=“/srv/http/index.php” pid=1881 comm=“php-fpm” requested_mask=“r” denied_mask=“r” fsuid=33 ouid=33

The trick was to disable with “aa-disable /etc/apparmor.d/php-fpm”
I really don’t know what’s wrong. Do you have any hints ?
thanks :robot:

You disabled apparmor to make it work.
You could have allowed that program to do the things which apparmor refused to allow in it’s default configuration - instead of disabling apparmor for this program.

What does apparmor do for you?
Why do you have it (active)?
If you don’t know why it’s there and you don’t need it - disable and remove it.

Nothing is wrong - just the default apparmor configuration doesn’t allow this program to do some things.

1 Like

Hi Nachlese,

I don’t really know how to configure apparmor. It has been enable without my intervention.
Maybe it’s related to this issue
Bye

AppArmor - ArchWiki

Section 1

disable the service
and / or
just uninstall it

… if you don’t need it or even know what it is
you have no use for it except creating problems for you

I think™ that it has got something to do with snaps - I’m totally not sure.
It could be because of you installing one or some snap that apparmor is present.

I do know that I do not have it installed.

1 Like