php-fpm

PHP-FPM does not compartmentalize its cache by pool.

This can lead to some security problems but also some operating problmes.
Indeed, the key of the cache seems to be, by default, only the path of the PHP file.

The side effect is easily seen when using the chroot parameter within different pools when they have the same paths inside their respective chroot directory:

To fix this problem, the following parameters must be set in the php.ini file from PHP-FPM: (for example in /etc/php/7.0/fpm/php.ini):

opcache.use_cwd = 1
opcache.validate_permission = 1
opcache.validate_root = 1

Or they can be set in the configuration file of each pool:

    
php_admin_flag[opcache.use_cwd] = 1
php_admin_flag[opcache.validate_permission] = 1
php_admin_flag[opcache.validate_root] = 1

For more informations:
https://ma.ttias.be/mitigating-phps-long-standing-issue-opcache-leaking-sensitive-data/
https://bugs.php.net/bug.php?id=69090