From: Jakub Zelenka <bukka@php.net>
Date: Sun, 1 Dec 2019 17:13:20 +0000 (+0000)
Subject: Fix bug #78889 (php-fpm service fails to start)
X-Git-Tag: php-7.4.7RC1~479
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=67cd4271e922ee3082b416a7563598274d13a1e5;p=php

Fix bug #78889 (php-fpm service fails to start)
---

diff --git a/NEWS b/NEWS
index aa60eba547..824ad08eb0 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ PHP                                                                        NEWS
 - FPM:
   . Fixed bug #76601 (Partially working php-fpm ater incomplete reload).
     (Maksim Nikulin)
+  . Fixed bug #78889 (php-fpm service fails to start). (Jakub Zelenka)
 
 - OPcache:
   . Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
diff --git a/sapi/fpm/php-fpm.service.in b/sapi/fpm/php-fpm.service.in
index 857cb0e8f1..f58ea08af8 100644
--- a/sapi/fpm/php-fpm.service.in
+++ b/sapi/fpm/php-fpm.service.in
@@ -32,13 +32,6 @@ NoNewPrivileges=true
 # but no physical devices such as /dev/sda.
 PrivateDevices=true
 
-# Required for dropping privileges and running as a different user
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID
-
-# Attempts to create memory mappings that are writable and executable at the same time,
-# or to change existing memory mappings to become executable are prohibited.
-MemoryDenyWriteExecute=true
-
 # Explicit module loading will be denied. This allows to turn off module load and unload
 # operations on modular kernels. It is recommended to turn this on for most services that
 # do not need special file systems or extra kernel modules to work.