Updated: PKGBUILD

1 files changed, 21 insertions, 4 deletions

diff --git a/postgresql.service b/postgresql.service
index 294b66e8f2c2..dcef95a9c103 100644
--- a/postgresql.service
+++ b/postgresql.service
@@ -3,7 +3,7 @@ Description=PostgreSQL database server
 After=network.target
 
 [Service]
-Type=forking
+Type=notify
 TimeoutSec=120
 User=postgres
 Group=postgres
@@ -12,15 +12,32 @@ Environment=PGROOT=/var/lib/postgres
 
 SyslogIdentifier=postgres
 PIDFile=/var/lib/postgres/data/postmaster.pid
+RuntimeDirectory=postgresql
+RuntimeDirectoryMode=755
 
 ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}/data
-ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120
-ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload
-ExecStop=  /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast
+ExecStart=/usr/bin/postgres -D ${PGROOT}/data
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillMode=mixed
+KillSignal=SIGINT
 
 # Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
 # killing Postgres, so adjust it downward
 OOMScoreAdjust=-200
 
+# Additional security-related features
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+PrivateDevices=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+
 [Install]
 WantedBy=multi-user.target