From 1d9f43c5ecb20fe0a2a4abe9b94abd0d389edb40 Mon Sep 17 00:00:00 2001 From: Jack Ding Date: Mon, 14 May 2018 22:44:32 -0400 Subject: [PATCH 2/2] Add dependencies and comment out incompatible service parameters --- scripts/memcached.service | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/memcached.service b/scripts/memcached.service index 8e58485..021b8b4 100644 --- a/scripts/memcached.service +++ b/scripts/memcached.service @@ -12,7 +12,7 @@ [Unit] Description=memcached daemon Before=httpd.service -After=network.target +After=network-online.target [Service] EnvironmentFile=/etc/sysconfig/memcached @@ -46,34 +46,34 @@ LimitNOFILE=16384 # Explicit module loading will be denied. This allows to turn off module load and unload # operations on modular kernels. It is recommended to turn this on for most services that # do not need special file systems or extra kernel modules to work. -ProtectKernelModules=true +#ProtectKernelModules=true # Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats, # /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes # of the unit. Usually, tunable kernel variables should only be written at boot-time, with the # sysctl.d(5) mechanism. Almost no services need to write to these at runtime; it is hence # recommended to turn this on for most services. -ProtectKernelTunables=true +#ProtectKernelTunables=true # The Linux Control Groups (cgroups(7)) hierarchies accessible through /sys/fs/cgroup will be # made read-only to all processes of the unit. Except for container managers no services should # require write access to the control groups hierarchies; it is hence recommended to turn this on # for most services -ProtectControlGroups=true +#ProtectControlGroups=true # Any attempts to enable realtime scheduling in a process of the unit are refused. -RestrictRealtime=true +#RestrictRealtime=true # Restricts the set of socket address families accessible to the processes of this unit. # Protects against vulnerabilities such as CVE-2016-8655 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX # Takes away the ability to create or manage any kind of namespace -RestrictNamespaces=true +#RestrictNamespaces=true # WRS Restart=always -RestartSec=0 +RestartSec=10 [Install] WantedBy=multi-user.target -- 1.8.3.1