Bug 2120351 - Issue with ubi9/php-80
Summary: Issue with ubi9/php-80
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: php-81-container
Version: 9.0
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Remi Collet
QA Contact: rhscl image testing
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-08-22 16:24 UTC by miguel abellon
Modified: 2023-06-26 09:32 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-131861 0 None None None 2022-08-22 16:33:32 UTC
Red Hat Knowledge Base (Solution) 6972818 0 None None None 2022-08-22 18:56:22 UTC

Description miguel abellon 2022-08-22 16:24:52 UTC 
Description of problem:

When switching from ubi8 to ubi9 the change from mod_php to php fpm breaks configs with environment variables

Version-Release number of selected component (if applicable):


How reproducible:

Dockerfile.ubi8


# ubi8 
FROM registry.access.redhat.com/ubi8/php-80

USER 0
ADD . /tmp/src
RUN chown -R 1001:0 /tmp/src
USER 1001

# Install the dependencies
RUN /usr/libexec/s2i/assemble

# Set the default command for the resulting image
CMD /usr/libexec/s2i/run
Dockerfile.ubi9


# ubi9
FROM registry.access.redhat.com/ubi9/php-80

USER 0
ADD . /tmp/src
RUN chown -R 1001:0 /tmp/src
USER 1001

# Uncomment this sed to fix the environment variables
# RUN sed -i "s/.clear_env.=.*/clear_env = no/g" /etc/php-fpm.d/www.conf

# Install the dependencies
RUN /usr/libexec/s2i/assemble

# Set the default command for the resulting image
CMD /usr/libexec/s2i/run
With those two docker files in the same directly build out a phpinfo file


cat <<EOF >>phpinfo.php
<?php

phpinfo();

?>
EOF
UBI8 baseline of expected results
Now run the ubi8 image to see the expected baseline


docker build . -f Dockerfile.ubi8 -t test8:latest
podman run -e FOO=BAR -p 8080:8080 test8:latest
open a browser to http://127.0.0.1:8080/phpinfo.php


note:



in loaded modules "mod_php"

environment variable FOO is set to bar


UBI9 showing issue
docker build . -f Dockerfile.ubi9 -t test9:latest
podman run -e FOO=BAR -p 8080:8080 test9:latest
open a browser to http://127.0.0.1:8080/phpinfo.php


note:



no loaded modules "mod_php"

php-fpm now set to active in cgi

environment varible FOO is now missing


From here you can edit the Dockerfile.ubi9 and uncomment the sed line/rebuild/rerun and see the normal expected results.
Comment 1 miguel abellon 2022-08-22 16:25:44 UTC 
case#03292153
Comment 4 Remi Collet 2022-09-27 08:34:23 UTC 
Default upstream value for php-fpm (clear_env=yes) is considered a security behavior

I have no string opinion about this, perhaps should ask the security team about this.
Comment 5 Remi Collet 2022-09-27 08:40:21 UTC 
For memory: this option was introduced in
https://github.com/php/php-src/commit/a97ae8bc06dfd5e89932fa49f7a09acf5e555e6c
The default value preserves previous behavior.
Comment 6 Petr Kubat 2023-06-26 09:32:12 UTC 
Upstream PR for implementing a new environment variable that allows configuration of the clear_env variable: https://github.com/sclorg/s2i-php-container/pull/406
Note You need to log in before you can comment on or make changes to this bug.