Fix bug #78889 (php-fpm service fails to start)

diff --git a/NEWS b/NEWS
index aa60eba5479e36de38cac9adc278d6e35b0976aa..824ad08eb08783772e2f5791e596cdc6cc2d4110 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ PHP                                                                        NEWS
 - FPM:
   . Fixed bug #76601 (Partially working php-fpm ater incomplete reload).
     (Maksim Nikulin)
+  . Fixed bug #78889 (php-fpm service fails to start). (Jakub Zelenka)
 
 - OPcache:
   . Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).

diff --git a/sapi/fpm/php-fpm.service.in b/sapi/fpm/php-fpm.service.in
index 857cb0e8f132e860d1fdf5105d96442c0865b607..f58ea08af8ff83beb981476d4641ff4102024299 100644 (file)
--- a/sapi/fpm/php-fpm.service.in
+++ b/sapi/fpm/php-fpm.service.in
@@ -32,13 +32,6 @@ NoNewPrivileges=true
 # but no physical devices such as /dev/sda.
 PrivateDevices=true
 
-# Required for dropping privileges and running as a different user
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID
-
-# Attempts to create memory mappings that are writable and executable at the same time,
-# or to change existing memory mappings to become executable are prohibited.
-MemoryDenyWriteExecute=true
-
 # Explicit module loading will be denied. This allows to turn off module load and unload
 # operations on modular kernels. It is recommended to turn this on for most services that
 # do not need special file systems or extra kernel modules to work.