[Unit]
Description=The PHP 7.2 FastCGI Process Manager
Documentation=man:php-fpm7.2(8)
After=network.target
PartOf=php7.2-fpm.service
ReloadPropagatedFrom=php7.2-fpm.service

[Service] 
Type=notify
PIDFile=/run/php/php7.2-fpm.pid
ExecStart=/usr/sbin/php-fpm7.2 --nodaemonize --fpm-config /etc/php/7.2/fpm/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
LimitNOFILE=100000
TimeoutStartSec=300
ProtectSystem=strict
PrivateTmp=true
# sendmail requires it...
#NoNewPrivileges=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
SystemCallArchitectures=native
ReadWritePaths=-/var/log/
ReadWritePaths=-/var/run/
ReadWritePaths=-/run/
ReadWritePaths=-/var/local/squirrelmail/
ReadWritePaths=-/var/www/
ReadWritePaths=-/var/spool/postfix/
InaccessiblePaths=-/root/
CPUQuota=100%
MemoryHigh=25%
MemoryMax=35%
RuntimeDirectory=php
RuntimeDirectoryPreserve=yes

[Install]
WantedBy=multi-user.target