Sébastien Luttringer / infrastructure
Commit 56086b60, authored Dec 09, 2019 by Jelle van der Waa
php-fpm: sync hardening options from php upstream
parent 7d0ad690
roles/php-fpm/files/php-fpm@.service
@@ -16,6 +16,17 @@ ProtectHome=true
ProtectSystem
=
full
InaccessiblePaths
=
-/var/lib/mysql
ProtectKernelModules
=
true
ProtectKernelTunables
=
true
ProtectControlGroups
=
true
RestrictRealtime
=
true
RestrictNamespaces
=
true
# Restricts the set of socket address families accessible to the processes of this unit.
# Protects against vulnerabilities such as CVE-2016-8655
RestrictAddressFamilies
=
AF_INET AF_INET6 AF_NETLINK AF_UNIX
MemoryAccounting
=
yes
CPUAccounting
=
yes
IOAccounting
=
yes
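Review bot: the two-line comment above RestrictAddressFamilies= explains why an allow list is wanted (CVE-2016-8655, an AF_PACKET socket bug) but not why AF_NETLINK is on it alongside AF_INET, AF_INET6 and AF_UNIX. Netlink is the one kernel-facing family left open, so either add a one-line comment naming what in the PHP pools needs it or drop it from the list if nothing does. Because the commit message says these options are synced from php upstream, it would also help to name the upstream version or commit they were taken from, so later syncs can be diffed against it. After deploying, `systemd-analyze security` on an instance of php-fpm@.service is a quick way to confirm that the new Protect* and Restrict* settings are in effect.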