Opened 3 years ago

Last modified 3 years ago

#64073 new defect

apache2 @2.4.51_2: Monterey sandbox read denial of php81-apache2handler

Reported by: paxperscientiam (Chris) Owned by:
Priority: Normal Milestone:
Component: ports Version: 2.7.1
Keywords: monterey Cc: ryandesign (Ryan Carsten Schmidt)
Port: apache2 php81-apache2handler

Description

Hello!

I'm unable to use the apache php module on Monterey. Here's what I've learned so far.

Firstly, I got this interesting output when installing php81-apache2handler

--->  Configuring php81-apache2handler
Warning: Configuration logfiles contain indications of -Wimplicit-function-declaration; check that features were not accidentally disabled:
  _controlfp_s: found in php-8.1.0/config.log
  _controlfp: found in php-8.1.0/config.log
  __crc32d: found in php-8.1.0/config.log
  gethostbyname_r: found in php-8.1.0/config.log

When the module is enabled (LoadModule php_module ${MODULE_PREFIX}/mod_php81.so), the apache start command ( sudo port reload apache2) fails; when it's not enabled, apache starts just fine.

Console.app reveals the following relevant error message:

Sandbox: logd_helper(48721) deny(1) file-read-data /opt/local/lib/apache2/modules/mod_php81.so

The launchd log shows the following:

2021-11-27 18:46:26.854037 (system/org.apache.httpd) <Notice>: service state: spawning
2021-11-27 18:46:26.854092 (system/org.apache.httpd) <Notice>: launching: inefficient
2021-11-27 18:46:26.855317 (system/org.apache.httpd [67775]) <Notice>: xpcproxy spawned with pid 67775
2021-11-27 18:46:26.855344 (system/org.apache.httpd [67775]) <Notice>: internal event: SPAWNED, code = 0
2021-11-27 18:46:26.855350 (system/org.apache.httpd [67775]) <Notice>: service state: xpcproxy
2021-11-27 18:46:26.855354 (system/org.apache.httpd [67775]) <Notice>: deferred event: domain spawn response: 0
2021-11-27 18:46:26.855359 (system/org.apache.httpd [67775]) <Notice>: internal event: SOURCE_ATTACH, code = 0
2021-11-27 18:46:26.860593 (system/org.apache.httpd [67775]) <Notice>: service state: running
2021-11-27 18:46:26.860611 (system/org.apache.httpd [67775]) <Notice>: internal event: INIT, code = 0
2021-11-27 18:46:26.860637 (system/org.apache.httpd [67775]) <Notice>: Successfully spawned httpd-wrapper[67775] because inefficient
2021-11-27 18:46:27.065059 (system/org.apache.httpd [67775]) <Notice>: service exited: dirty = 0, supported pressured-exit = 0
2021-11-27 18:46:27.065080 (system/org.apache.httpd [67775]) <Notice>: exited due to exit(1)
2021-11-27 18:46:27.065084 (system/org.apache.httpd [67775]) <Notice>: service state: exited
2021-11-27 18:46:27.065088 (system/org.apache.httpd [67775]) <Notice>: internal event: EXITED, code = 0
2021-11-27 18:46:27.065092 (system) <Notice>: service inactive: org.apache.httpd
2021-11-27 18:46:27.065097 (system/org.apache.httpd [67775]) <Notice>: service state: not running
2021-11-27 18:46:27.065106 (system/org.apache.httpd) <Notice>: Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
2021-11-27 18:46:27.065158 (system/org.apache.httpd) <Notice>: internal event: WILL_SPAWN, code = 0
2021-11-27 18:46:27.065193 (system/org.apache.httpd) <Notice>: service state: spawn scheduled
2021-11-27 18:46:27.065195 (system/org.apache.httpd) <Notice>: service throttled by 10 seconds

Hopefully, this isn't just me.

Change History (3)

comment:1 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

Keywords: monterey added

As far as I know, the notice about implicitly declared functions is harmless. I imagine we should globally suppress warnings about these specific functions, but I have not done so because I have not researched them.

I'm afraid I don't know why the sandbox would be denying you access to the PHP module.

comment:2 Changed 3 years ago by paxperscientiam (Chris)

Hi Ryan, if you come up with any tests that you think I should conduct, I'd be happy to try it out and report back.

comment:3 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)

I'm sorry, I don't know anything about this. If you find something we need to change in MacPorts related to this, let us know.

Note: See TracTickets for help on using tickets.