diff options
| author | Florian Klink <flokli@flokli.de> | 2019-11-21 23:31:19 +0100 |
|---|---|---|
| committer | Florian Klink <flokli@flokli.de> | 2019-11-21 23:31:19 +0100 |
| commit | 4321a88f44e8e7fd9ac39a4b53463c8588eed1c3 (patch) | |
| tree | 6969f7e46bc7ab5f1dffe521d7d1915dae364569 /nixos/doc/manual | |
| parent | 758efb93480ed94d718c824a4472a3f5cae551c9 (diff) | |
| download | nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.tar nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.tar.gz nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.tar.bz2 nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.tar.lz nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.tar.xz nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.tar.zst nixpkgs-4321a88f44e8e7fd9ac39a4b53463c8588eed1c3.zip | |
nixos/phpfpm: enable PrivateTmp=true
This seems to be mostly a pre - #57677 relict. As postgresql sockets now are not in /tmp anymore, isolate /tmp.
Diffstat (limited to 'nixos/doc/manual')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index c0e7a00d757..1ea07679dab 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -163,6 +163,14 @@ time during the releases development (if viable). </para> </listitem> + <listitem> + <para> + The <link linkend="opt-services.phpfpm.pools">phpfpm</link> module now sets + <literal>PrivateTmp=true</literal> in its systemd units for better process isolation. + If you rely on <literal>/tmp</literal> being shared with other services, explicitly override this by + setting <literal>serviceConfig.PrivateTmp</literal> to <literal>false</literal> for each phpfpm unit. + </para> + </listitem> </itemizedlist> </section> |