Package: php7.0-fpm
Severity: wishlist
Tags: patch
Dear Maintainer,
please see the attached patch. It adds some systemd features for a
more secure environment.
Greets,
Jonas
diff --git a/php-fpm.service b/php-fpm.service
index 5621b29..130cc7e 100644
--- a/php-fpm.service
+++ b/php-fpm.service
@@ -10,6 +10,9 @@ ExecStartPre=/usr/lib/php/php@PHP_VERSION@-fpm-checkconf
ExecStart=/usr/sbin/php-fpm@PHP_VERSION@ --nodaemonize --fpm-config /etc/php/@PHP_VERSION@/fpm/php-fpm.conf
ExecReload=/usr/lib/php/php@PHP_VERSION@-fpm-checkconf
ExecReload=/bin/kill -USR2 $MAINPID
+ProtectSystem=full
+PrivateTmp=true
+PrivateDevices=true
[Install]
WantedBy=multi-user.target
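Review bot: The three directives added after the `ExecReload=` lines carry no comment on what they leave unprotected or what they can break for existing installs. `ProtectSystem=full` makes only /usr, /boot and /etc read-only, so /var and any pool document roots stay writable by the workers. `PrivateTmp=true` gives the service its own /tmp and /var/tmp, which would presumably break setups where a pool's listen socket, or files exchanged with the web server, live under /tmp. I would add a comment above them such as `# Hardening: /usr, /boot and /etc are read-only; /tmp and /dev are private to this unit, so sockets or files shared with other services must not live in /tmp.` The [Service] section starts outside this hunk, so I cannot tell whether other settings there already interact with these.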