I don't think those mechanisms allow you to override the "disable_functions setting" which is applied with the CB 2.0 "secure_php" option, which seems to be a global setting. php-fpm conf gives the appearance of an override, but it doesn't seem to take effect. That is my primary issue at the moment, and is what people still have issues with as per these threads:
Right, so from that, then perhaps the process described here could be implemented?:disable_functions directive is controlled by php.ini
I'm just looking for way to make php-fpm "secure_php" better than ON or OFF, to better manage users with a reasonable justification to use those functions. Personally, I think it would be nice if the frameworks themselves were designed to better match shared hosting situations, but maybe both sides need to meet in the middle somewhere.If you want proc_open enabled for a particular user, then you have to remove proc_open from the php.ini file, then add it to all of the disabled_functions php_admin_value directive for all of the php-fpm pools. Then remove it from the disabled_functions php_admin_value for the pool that you want it enabled on.