We attempted to switch one of our sites to chrooted php-fpm. We first did a test run on a freshly setup system (debian12, ISPConfig 3.2.11p1, all default) and could enable chroot for php-fpm without any issues. When we attempted the same on another system (currently also ISPConfig 3.2.11p1 but has been updated multiple times) we saw php-fpm segfaulting once chroot was enabled for php-fpm. Ultimately, we could trace this down to differences in the jail setup. On the newly setup test system the server config param Jailkit cron chrooted applications included the following additional paths: /usr/lib/php/ /usr/share/php/ /usr/share/zoneinfo/ Once the this three paths were added to the websites Jailkit chrooted applications config param on the existing system (the one which went through multiple ISPConfig updates) the contents of these paths were effectively copied into the jail dir and chrooted php-fpm worked fine. I would please like to double check with you if all three paths should have been included in the server config and if yes if they shouldn't be also included in Jailkit chrooted application server config param. We further noticed that on the already existing system opcache.validate_root was disabled. It is my understanding that this should be enabled when running php-fpm in multiple chroots?
Append "Jailkit chroot app sections" under System > Server config > server1.example.com > Jailkit with: Code: php php5_6 php7_0 php7_1 php7_2 php7_3 php7_4 php8_0 php8_1 php8_2 You can leave out PHP versions that are not necessary, but "php" shall always be included.
