replace tmpfiles.d with RuntimeDirectory for nginx

This is much more robust because nginx will fail to start after being
killed or crashing due to only removing old Unix domain sockets when it
stops cleanly. It ends up owned by root:root instead of root:http which
is fine because only the master process opens it.
This commit is contained in:
Daniel Micay 2022-09-26 15:37:43 -04:00
parent 88d8e37233
commit 320ad2e3a8
2 changed files with 2 additions and 1 deletions

View File

@ -21,6 +21,8 @@ RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
RuntimeDirectory=nginx
RuntimeDirectoryMode=700
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@obsolete

View File

@ -1 +0,0 @@
d /run/nginx 0750 root http -