I have a PHP script that runs once an hour to clean up a table. (Location: /var/www/example.php)
<?php
// Connection settings (placeholder values as posted)
$host = "mysql:host=localhost; dbname=xxx";
$user = "xxx";
$pass = "xxx";
$pdo = new PDO($host, $user, $pass);

// Rows idle for more than 6 hours (21600 s) whose name matches one of the patterns
$sql_count = "SELECT * FROM xxx WHERE (UNIX_TIMESTAMP() - 21600) > last_activity AND (name LIKE 'xxx%' OR name LIKE '%xxx%' OR name LIKE '%xxx%' OR name LIKE '%xxx%')";
$sql_del = "DELETE FROM xxx WHERE (UNIX_TIMESTAMP() - 21600) > last_activity AND (name LIKE 'xxx%' OR name LIKE '%xxx%' OR name LIKE '%xxx%' OR name LIKE '%xxx%')";

// Count the matching rows before deleting them
$rowset = $pdo->query($sql_count);
$row = $rowset->fetch(PDO::FETCH_ASSOC);
$k = 0;
while ($row == true)
{
    $k++;
    $row = $rowset->fetch(PDO::FETCH_ASSOC);
}
echo "Deleted entries: ".$k."\n";

// Delete the rows and close the connection
$rowset = $pdo->query($sql_del);
$pdo = null;
?>
When I run this PHP script (cronjob), it works fine, but I get this AppArmor error message:
apparmor="DENIED" operation="file_mmap" profile="/usr/bin/php7.0" name="/" pid=7982 comm="php7.0" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
This is my AppArmor profile:
# Last Modified: Mon Oct 15 05:39:16 2018
#include <tunables/global>
/usr/bin/php7.0 flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/php>

  capability dac_override,

  /lib/x86_64-linux-gnu/ld-*.so mr,
  /media/nfsfolder/** rw,
  /usr/bin/php7.0 mr,
  /var/www/folder1/** rw,
  /var/www/folder2/** rw,
  /var/www/example.php r,
  /var/www/phpmyadmin/** mrw,
}
I don't want to grant full access to the root directory, so if anyone sees the problem and can help, that would be great.
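
An added example, not part of the original post: a Python check of the logged denial against the path rules written out in the profile, showing that none of them matches name="/" and that a rule naming exactly / is far narrower than /**. Assumptions: the globbing is a simplified model of AppArmor's (only *, ** and ?), the included abstractions are not expanded, and the rule "/ rw," is a hypothetical candidate used for comparison, not a fix taken from the post.

```python
import re

# Denial line and path rules copied from the post; abstractions are not expanded.
DENIAL = ('apparmor="DENIED" operation="file_mmap" profile="/usr/bin/php7.0" '
          'name="/" pid=7982 comm="php7.0" requested_mask="rw" denied_mask="rw" '
          'fsuid=0 ouid=0')
PROFILE_RULES = """
/lib/x86_64-linux-gnu/ld-*.so mr,
/media/nfsfolder/** rw,
/usr/bin/php7.0 mr,
/var/www/folder1/** rw,
/var/www/folder2/** rw,
/var/www/example.php r,
/var/www/phpmyadmin/** mrw,
"""

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit message as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', while * and ? do not."""
    table = {'**': '.*', '*': '[^/]*', '?': '[^/]'}
    parts = [table.get(t, re.escape(t)) for t in re.findall(r'\*\*|\*|\?|.', glob)]
    return re.compile(''.join(parts) + r'\Z')

def parse_rules(text):
    """Yield (path_glob, permission_set) for each 'path perms,' rule line."""
    for line in text.splitlines():
        m = re.match(r'\s*(/\S*)\s+([a-zA-Z]+),\s*$', line)
        if m:
            yield m.group(1), set(m.group(2))

def covering_rules(rules, path, mask):
    """Globs that match path and grant every permission letter in mask."""
    return [g for g, perms in rules
            if glob_to_regex(g).match(path) and set(mask) <= perms]

def explain(denial_line, rules_text, extra_rule=None):
    """List the rules (plus an optional hypothetical one) covering the denial."""
    d = parse_denial(denial_line)
    text = rules_text + ("\n" + extra_rule if extra_rule else "")
    return covering_rules(list(parse_rules(text)), d["name"], d["denied_mask"])

if __name__ == "__main__":
    print(explain(DENIAL, PROFILE_RULES))            # no written-out rule covers "/"
    print(explain(DENIAL, PROFILE_RULES, "/ rw,"))   # the exact-path candidate does
    print(covering_rules([("/", set("rw"))], "/etc/passwd", "r"))  # and nothing below "/"
```

In this model "/ rw," matches only the path / itself, whereas "/** rw," would match every file beneath it.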