diff options
author | GoliathLabs | 2020-05-10 12:20:55 +0200 |
---|---|---|
committer | GoliathLabs | 2020-05-10 12:20:55 +0200 |
commit | 55fd3e3ee3f1779c8fa75d7e0f73f24c5e8c0f54 (patch) | |
tree | 66cb220d3399b341dbc5cee9dfcae5ab96bb05c1 /postgresql.service | |
parent | 561a0511d156a1276499e13427def79ee1d9a50a (diff) | |
download | aur-55fd3e3ee3f1779c8fa75d7e0f73f24c5e8c0f54.tar.gz |
Updated: 9.4.26
Diffstat (limited to 'postgresql.service')
-rw-r--r-- | postgresql.service | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/postgresql.service b/postgresql.service index 294b66e8f2c2..dcef95a9c103 100644 --- a/postgresql.service +++ b/postgresql.service @@ -3,7 +3,7 @@ Description=PostgreSQL database server After=network.target [Service] -Type=forking +Type=notify TimeoutSec=120 User=postgres Group=postgres @@ -12,15 +12,32 @@ Environment=PGROOT=/var/lib/postgres SyslogIdentifier=postgres PIDFile=/var/lib/postgres/data/postmaster.pid +RuntimeDirectory=postgresql +RuntimeDirectoryMode=755 ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data -ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 -ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload -ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast +ExecStart=/usr/bin/postgres -D ${PGROOT}/data +ExecReload=/bin/kill -HUP ${MAINPID} +KillMode=mixed +KillSignal=SIGINT # Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in # killing Postgres, so adjust it downward OOMScoreAdjust=-200 +# Additional security-related features +PrivateTmp=true +ProtectHome=true +ProtectSystem=full +NoNewPrivileges=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=true +PrivateDevices=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native + [Install] WantedBy=multi-user.target |