Switch to custom compiled php

etc/systemd/system/php7.2-fpm.service

@@ -0,0 +1,17 @@
+# This service is actually a systemd target,
+# but we are using a service since targets cannot be reloaded.
+
+[Unit]
+Description=The PHP 7.2 FastCGI Process Manager (multi instance master)
+Documentation=man:php-fpm7.2(8)
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+
+[Install]
+WantedBy=multi-user.target
+

etc/systemd/system/php7.2-fpm@.service

@@ -0,0 +1,34 @@
+[Unit]
+Description=The PHP 7.2 FastCGI Process Manager (instance %i)
+Documentation=man:php-fpm7.2(8)
+After=network.target
+PartOf=php7.2-fpm.service
+ReloadPropagatedFrom=php7.2-fpm.service
+
+[Service] 
+Type=notify
+PIDFile=/run/php/php7.2-fpm-%i.pid
+ExecStart=/usr/sbin/php-fpm7.2 --nodaemonize --fpm-config /etc/php/7.2/fpm/php-fpm-%i.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/php7.2-fpm@default.service

@@ -0,0 +1,36 @@
+[Unit]
+Description=The PHP 7.2 FastCGI Process Manager
+Documentation=man:php-fpm7.2(8)
+After=network.target
+PartOf=php7.2-fpm.service
+ReloadPropagatedFrom=php7.2-fpm.service
+
+[Service] 
+Type=notify
+PIDFile=/run/php/php7.2-fpm.pid
+ExecStart=/usr/sbin/php-fpm7.2 --nodaemonize --fpm-config /etc/php/7.2/fpm/php-fpm.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+ReadWritePaths=-/var/local/squirrelmail/
+ReadWritePaths=-/var/www/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/php7.3-fpm@.service

@@ -22,10 +22,10 @@ ProtectKernelModules=true
 ProtectControlGroups=true
 LockPersonality=true
 SystemCallArchitectures=native
-BindPaths=/var/log/
-BindPaths=/var/run/php/
-BindPaths=/run/php/
-InaccessiblePaths=/root/
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+InaccessiblePaths=-/root/
 CPUQuota=100%
 MemoryHigh=25%
 MemoryMax=35%

etc/systemd/system/php7.3-fpm@default.service

@@ -22,13 +22,12 @@ ProtectKernelModules=true
 ProtectControlGroups=true
 LockPersonality=true
 SystemCallArchitectures=native
-BindPaths=/var/log/
-BindPaths=/var/run/php/
-BindPaths=/run/php/
-BindPaths=/var/lib/php/sessions
-BindPaths=/var/local/squirrelmail/
-BindPaths=/var/www/
-InaccessiblePaths=/root/
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+ReadWritePaths=-/var/local/squirrelmail/
+ReadWritePaths=-/var/www/
+InaccessiblePaths=-/root/
 CPUQuota=100%
 MemoryHigh=25%
 MemoryMax=35%

etc/systemd/system/php7.4-fpm.service

@@ -0,0 +1,17 @@
+# This service is actually a systemd target,
+# but we are using a service since targets cannot be reloaded.
+
+[Unit]
+Description=The PHP 7.3 FastCGI Process Manager (multi instance master)
+Documentation=man:php-fpm7.3(8)
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+
+[Install]
+WantedBy=multi-user.target
+

etc/systemd/system/php7.4-fpm@.service

@@ -0,0 +1,34 @@
+[Unit]
+Description=The PHP 7.4 FastCGI Process Manager (instance %i)
+Documentation=man:php-fpm7.4(8)
+After=network.target
+PartOf=php7.4-fpm.service
+ReloadPropagatedFrom=php7.4-fpm.service
+
+[Service] 
+Type=notify
+PIDFile=/run/php/php7.4-fpm-%i.pid
+ExecStart=/usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/php-fpm-%i.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/php7.4-fpm@default.service

@@ -0,0 +1,36 @@
+[Unit]
+Description=The PHP 7.4 FastCGI Process Manager
+Documentation=man:php-fpm7.4(8)
+After=network.target
+PartOf=php7.4-fpm.service
+ReloadPropagatedFrom=php7.4-fpm.service
+
+[Service] 
+Type=notify
+PIDFile=/run/php/php7.4-fpm.pid
+ExecStart=/usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/php-fpm.conf
+ExecReload=/bin/kill -USR2 $MAINPID
+LimitNOFILE=100000
+TimeoutStartSec=300
+ProtectSystem=strict
+PrivateTmp=true
+# sendmail requires it... enable once chrooted
+#NoNewPrivileges=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+LockPersonality=true
+SystemCallArchitectures=native
+ReadWritePaths=-/var/log/
+ReadWritePaths=-/var/run/
+ReadWritePaths=-/run/
+ReadWritePaths=-/var/local/squirrelmail/
+ReadWritePaths=-/var/www/
+InaccessiblePaths=-/root/
+CPUQuota=100%
+MemoryHigh=25%
+MemoryMax=35%
+
+[Install]
+WantedBy=multi-user.target