From d53fa7f451ba3647fd417ce53dfd439282cb1b33 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Wed, 29 Jun 2016 06:48:06 +0200
Subject: [PATCH] Improve php-fpm systemd unit file

- use PrivateTmp, now available everwhere, for better security
- add comment about how to customize the unit file
---
 sapi/fpm/php-fpm.service.in | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sapi/fpm/php-fpm.service.in b/sapi/fpm/php-fpm.service.in
index a2df30e28d..e2c807426b 100644
--- a/sapi/fpm/php-fpm.service.in
+++ b/sapi/fpm/php-fpm.service.in
@@ -1,3 +1,7 @@
+# It's not recommended to modify this file in-place, because it
+# will be overwritten during upgrades.  If you want to customize,
+# the best way is to use the "systemctl edit" command.
+
 [Unit]
 Description=The PHP FastCGI Process Manager
 After=syslog.target network.target
@@ -7,6 +11,7 @@ Type=@php_fpm_systemd@
 PIDFile=@localstatedir@/run/php-fpm.pid
 ExecStart=@sbindir@/php-fpm --nodaemonize --fpm-config @sysconfdir@/php-fpm.conf
 ExecReload=/bin/kill -USR2 $MAINPID
+PrivateTmp=true
 
 [Install]
 WantedBy=multi-user.target
-- 
2.50.1