Merge profiles: add support for ArchLinux php-legacy package to php-fpm

ArchLinux ships a secondary PHP package called php-legacy with different
paths. As of now, the php-fpm profile will cover this binary but
inadequately restrict it.

Fixes: #454

Closes #454
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1401
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: John Johansen <john@jjmx.net>

profiles/apparmor.d/abstractions/php

@@ -13,25 +13,25 @@
   abi <abi/4.0>,
 
   # shared snippets for config files
-  /etc/php{,5,7,8}/** r,
+  /etc/php{,5,7,8,-legacy}/** r,
 
   # Xlibs
   /usr/X11R6/lib{,32,64}/lib*.so* mr,
   # php extensions
-  /usr/lib{64,}/php{,5,7,8}/*/*.so mr,
+  /usr/lib{64,}/php{,5,7,8,-legacy}/*/*.so mr,
 
   # ICU (unicode support) data tables
   /usr/share/icu/*/*.dat r,
 
   # php session mmap socket
-  /var/lib/php{,5,7,8}/session_mm_* rwlk,
+  /var/lib/php{,5,7,8,-legacy}/session_mm_* rwlk,
   # file based session handler
-  /var/lib/php{,5,7,8}/sess_* rwlk,
+  /var/lib/php{,5,7,8,-legacy}/sess_* rwlk,
-  /var/lib/php{,5,7,8}/sessions/* rwlk,
+  /var/lib/php{,5,7,8,-legacy}/sessions/* rwlk,
 
   # php libraries
-  /usr/share/php{,5,7,8}/ r,
+  /usr/share/php{,5,7,8,-legacy}/ r,
-  /usr/share/php{,5,7,8}/** mr,
+  /usr/share/php{,5,7,8,-legacy}/** mr,
 
   # MySQL extension
   /usr/share/mysql/** r,

profiles/apparmor.d/php-fpm

@@ -32,9 +32,9 @@ profile php-fpm /usr/{bin,sbin}/php-fpm* flags=(attach_disconnected) {
   /var/log/php*-fpm.log rw,
 
   # we need to be able to create all sockets
-  @{run}/php{,-fpm}/php*-fpm.pid rw,
+  @{run}/php{,-fpm,-fpm-legacy}/php*-fpm.pid rw,
   @{run}/php*-fpm.pid rw,
-  @{run}/php{,-fpm}/php*-fpm.sock rwlk,
+  @{run}/php{,-fpm,-fpm-legacy}/php*-fpm.sock rwlk,
 
   # LP: #2061113
   owner @{run}/systemd/notify w,