Passbolt on openSUSE Leap 15.5 fails to start php-fpm
Installing Passbolt using their guide fails to start php-fpm at the end, with this error:
.
.
.
===================
Setting up nginx...
===================
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
extension=gnupg.so
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
Job for php-fpm.service failed because the control process exited with error code.
See "systemctl status php-fpm.service" and "journalctl -xeu php-fpm.service" for details.
===================
Setting up nginx...
===================
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
extension=gnupg.so
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
Job for php-fpm.service failed because the control process exited with error code.
See "systemctl status php-fpm.service" and "journalctl -xeu php-fpm.service" for details.
Leap 15.4 and newer (possibly older releases too, I didn't check) come with AppArmor installed and running. The default config doesn't expect/allow php-fpm to create a www.sock in /var/run so we need to edit the config to allow that.
vi /etc/apparmor.d/php-fpm
Find the line that says "# we need to be able to create all sockets" at around line 37 and ADD this right after...
@{run}/php{,-fpm}/www.sock rw,
@{run}/php{,-fpm}/www.sock rw,
restart/reload apparmor.service and you should be able to get it running now: systemctl restart php-fpm.service
Ideally you'd adjust the config prior to running the installer, but you won't have seen the error at that point!! :-D
This is just the beginning; there are a load of issues reading other config files which I haven't resolved yet - in the first instance you might just prefer to clear the config (aa-teardown) to prove it works.