FS#64693 - [php] php-fpm needs CAP_CHOWN

Attached to Project: Arch Linux
Opened by Marius (Martchus) - Saturday, 30 November 2019, 14:36 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 30 November 2019, 14:39 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
The php-fpm service file needs CAP_CHOWN and fails otherwise with:
```
[ERROR] [pool www] failed to chown() the socket '/run/php-fpm/php-fpm.sock': Operation not permitted (1)
```

Changing the ownership of `/run/php-fpm` manually to `http:http` doesn't
help and only leads to:
```
[ERROR] unable to bind listening socket for address '/run/php-fpm/php-fpm.sock': Permission denied (13)
```

Changing `CapabilityBoundingSet` like in the workaround mentioned above
would fix this issue.

Additional info:
* package version(s): php 7.4.0-1 and php 7.4.0-2

Steps to reproduce:
Just start the php-fpm service via the systemd unit file
provided by the php 7.4.0-2 package. The journal contains
the mentioned log messages.

Workaround:
`systemctl edit php-fpm`, add
```
[Service]
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_CHOWN
```
save and quit.

Closed by Doug Newgard (Scimmia)
Saturday, 30 November 2019, 14:39 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#64683
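
A way to confirm the condition described in the report above, as an added example that is not part of the original report or the php package: it decodes the `CapBnd` mask from a process's `/proc/<pid>/status` and lists which capabilities from the workaround are missing. The function names and the sample status text are constructed for illustration, and the sample assumes a failing state where the bounding set holds only CAP_SETGID and CAP_SETUID.

```shell
#!/bin/sh
# Added example, not from the report: find which capabilities a service
# needs are missing from a Linux capability bounding-set mask (CapBnd).

# Bit numbers from <linux/capability.h> for the capabilities in the workaround.
cap_bit() {
    case "$1" in
        CAP_CHOWN)  echo 0 ;;
        CAP_SETGID) echo 6 ;;
        CAP_SETUID) echo 7 ;;
        *) return 1 ;;
    esac
}

# cap_in_mask HEXMASK CAPNAME: succeeds if that capability's bit is set.
cap_in_mask() {
    _bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> $_bit) & 1 )) -eq 1 ]
}

# missing_caps HEXMASK CAP...: print the listed capabilities absent from the mask.
missing_caps() {
    _mask=$1; shift
    _out=
    for _cap in "$@"; do
        cap_in_mask "$_mask" "$_cap" || _out="${_out:+$_out }$_cap"
    done
    printf '%s\n' "$_out"
}

# capbnd_from_status: extract the CapBnd value from status text on stdin.
capbnd_from_status() {
    awk '$1 == "CapBnd:" { print $2 }'
}

# Constructed sample: bounding set with only CAP_SETGID and CAP_SETUID (0xc0).
SAMPLE_STATUS='Name:   php-fpm
CapPrm: 00000000000000c0
CapEff: 00000000000000c0
CapBnd: 00000000000000c0'
NEEDED="CAP_SETGID CAP_SETUID CAP_CHOWN"

mask=$(printf '%s\n' "$SAMPLE_STATUS" | capbnd_from_status)
echo "missing from $mask: $(missing_caps "$mask" $NEEDED)"
```

On a live system, pipe the `/proc/<pid>/status` of the service's main process into `capbnd_from_status` instead of the sample text.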
