FS#64781 - [php-fpm] Please add CapabilityBoundingSet=CAP_KILL
Attached to Project:
Arch Linux
Opened by xyz (sjon) - Monday, 09 December 2019, 12:39 GMT
Last edited by Pierre Schmitz (Pierre) - Wednesday, 18 December 2019, 14:08 GMT
Opened by xyz (sjon) - Monday, 09 December 2019, 12:39 GMT
Last edited by Pierre Schmitz (Pierre) - Wednesday, 18 December 2019, 14:08 GMT
|
Details
Description:
without CAP_KILL `systemctl reload php-fpm` fails because the fpm master is not allowed to kill it's children (since they run as http, not root) if this reload is triggered by logrotate (which sends USR2 to fpm) the consequences are more severe - all children will effectively hang, while not being able to serve requests |
This task depends upon
ExecReload=+/bin/kill -USR2 $MAINPID
Edit: Ignore me. fpm itself probably does the killing.