Commit aafb1585 authored by mh

options such as mail might require setuid/setgid and hence we can't disable this by default

parent 9dee3ca7
......@@ -8,6 +8,7 @@ define php::fpm(
Hash $additional_envs = {},
Hash $php_settings = {},
Hash $fpm_settings = {},
Hash $systemd_options = {},
String $run_user = "${name}_run",
String $run_group = $name,
Array[Stdlib::Compat::Absolute_Path]
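Review bot: `Hash $systemd_options = {}` accepts arbitrary keys and value types, while the template only reads `no_new_privileges` and tests it for Ruby truthiness, so a string value such as `'false'` would still emit `NoNewPrivileges=true`. Suggest constraining the parameter, for example `Struct[{Optional['no_new_privileges'] => Boolean}]`, and documenting the supported key in the define so a typo in the key name fails at catalog compilation instead of silently leaving the setting off.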
......
......@@ -16,7 +16,9 @@ RuntimeDirectory=fpm-<%= @name %>
SyslogIdentifier=fpm-<%= @name %>
# security settings
PrivateTmp=true
<% if @systemd_options['no_new_privileges'] -%>
NoNewPrivileges=true
<% end -%>
ProtectSystem=full
# to be migrated once in EL7
# ProtectSystem=strict
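Review bot: With `$systemd_options` defaulting to `{}`, the `<% if @systemd_options['no_new_privileges'] -%>` guard drops `NoNewPrivileges=true` from every pool that does not set the key, so pools that were previously hardened lose the setting without any change on their side. If only some pools need setuid/setgid helpers such as mail, consider inverting the guard so the line is emitted unless the key is explicitly `false`, leaving the relaxation as a per-pool opt-out. If opt-in stays, a comment next to the guard explaining why it is off by default would help, in the same way the `ProtectSystem=strict` line below is annotated.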
......