Bug 2120351

Summary: Issue with ubi9/php-80
Product: Red Hat Enterprise Linux 9 Reporter: miguel abellon <mabellon>
Component: php-81-containerAssignee: Remi Collet <rcollet>
Status: NEW --- QA Contact: rhscl image testing <rhscl-container-qe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 9.0CC: aogburn, pkubat, rcollet
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description miguel abellon 2022-08-22 16:24:52 UTC 
Description of problem:

When switching from ubi8 to ubi9 the change from mod_php to php fpm breaks configs with environment variables

Version-Release number of selected component (if applicable):


How reproducible:

Dockerfile.ubi8


# ubi8 
FROM registry.access.redhat.com/ubi8/php-80

USER 0
ADD . /tmp/src
RUN chown -R 1001:0 /tmp/src
USER 1001

# Install the dependencies
RUN /usr/libexec/s2i/assemble

# Set the default command for the resulting image
CMD /usr/libexec/s2i/run
Dockerfile.ubi9


# ubi9
FROM registry.access.redhat.com/ubi9/php-80

USER 0
ADD . /tmp/src
RUN chown -R 1001:0 /tmp/src
USER 1001

# Uncomment this sed to fix the environment variables
# RUN sed -i "s/.clear_env.=.*/clear_env = no/g" /etc/php-fpm.d/www.conf

# Install the dependencies
RUN /usr/libexec/s2i/assemble

# Set the default command for the resulting image
CMD /usr/libexec/s2i/run
With those two docker files in the same directly build out a phpinfo file


cat <<EOF >>phpinfo.php
<?php

phpinfo();

?>
EOF
UBI8 baseline of expected results
Now run the ubi8 image to see the expected baseline


docker build . -f Dockerfile.ubi8 -t test8:latest
podman run -e FOO=BAR -p 8080:8080 test8:latest
open a browser to http://127.0.0.1:8080/phpinfo.php


note:



in loaded modules "mod_php"

environment variable FOO is set to bar


UBI9 showing issue
docker build . -f Dockerfile.ubi9 -t test9:latest
podman run -e FOO=BAR -p 8080:8080 test9:latest
open a browser to http://127.0.0.1:8080/phpinfo.php


note:



no loaded modules "mod_php"

php-fpm now set to active in cgi

environment varible FOO is now missing


From here you can edit the Dockerfile.ubi9 and uncomment the sed line/rebuild/rerun and see the normal expected results.
Comment 1 miguel abellon 2022-08-22 16:25:44 UTC 
case#03292153
Comment 4 Remi Collet 2022-09-27 08:34:23 UTC 
Default upstream value for php-fpm (clear_env=yes) is considered a security behavior

I have no string opinion about this, perhaps should ask the security team about this.
Comment 5 Remi Collet 2022-09-27 08:40:21 UTC 
For memory: this option was introduced in
https://github.com/php/php-src/commit/a97ae8bc06dfd5e89932fa49f7a09acf5e555e6c
The default value preserves previous behavior.
Comment 6 Petr Kubat 2023-06-26 09:32:12 UTC 
Upstream PR for implementing a new environment variable that allows configuration of the clear_env variable: https://github.com/sclorg/s2i-php-container/pull/406