On Sat, Mar 05, 2022 at 02:52:19AM +0100, i...@tutanota.com wrote:
> I am sorry, but this truly looks like a bug to me. Please bear with me.
>
> I have set pm.max_requests = 0, then restarted PHP-FPM.
if I didn't mess myself, php-fpm means it is a long term running php process ?
if it is the case, please note that functions like pledge(2) or
unveil(2) are affecting the running process itself.
so if a script runs unveil(2), it will hide part of the filesystem for
it, and for *all* next requests too (and depending how things are
done, it could not found the script itself on the second run).
> The following PHP script:
>
> var_dump(scandir('/var'));
> unveil('/var', 'r');
> var_dump(scandir('/var'));
> var_dump(scandir('/etc'));
>
> Gives:
>
> array(3) { [0]=> string(1) "." [1]=> string(2) ".." [2]=> string(3) "run" }
> array(3) { [0]=> string(1) "." [1]=> string(2) ".." [2]=> string(3) "run" }
> bool(false)
>
> Which is correct. But then try to simply comment out unveil and run the
> script again:
>
> var_dump(scandir('/var'));
> //unveil('/var', 'r');
> var_dump(scandir('/var'));
> var_dump(scandir('/etc'));
>
> And you get:
>
> File not found.
>
> And in the httpd error log:
>
> Primary script unknown
>
> Is this not wrong behavior?
>
do you restart php-fpm between each test ?
--
Sebastien Marie
