Group :: Sistema/Servidores
RPM: memcached
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: memcached-1.6.21.patch
Download
Download
.gear/rules | 3 +
.../tags/e575dfae5e3718fc8a132fd08d8d83e61d1565c2 | 6 +
.gear/tags/list | 1 +
.gear/upstream/remotes | 3 +
memcached.c | 34 ++-
memcached.conf | 47 ++++
memcached.init | 99 +++++++
memcached.service | 39 +++
memcached.spec | 300 +++++++++++++++++++++
memcached.sysconfig | 15 ++
memcached@.service | 44 +++
11 files changed, 572 insertions(+), 19 deletions(-)
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 0000000..b1ec84a
--- /dev/null
+++ b/.gear/rules
@@ -0,0 +1,3 @@
+tar: @version@:.
+diff: @version@:. . name=@name@-@version@.patch
+
diff --git a/.gear/tags/e575dfae5e3718fc8a132fd08d8d83e61d1565c2 b/.gear/tags/e575dfae5e3718fc8a132fd08d8d83e61d1565c2
new file mode 100644
index 0000000..c58efd2
--- /dev/null
+++ b/.gear/tags/e575dfae5e3718fc8a132fd08d8d83e61d1565c2
@@ -0,0 +1,6 @@
+object efee763c93249358ea5b3b42c7fd4e57e2599c30
+type commit
+tag 1.6.21
+tagger dormando <dormando@rydia.net> 1686881534 -0700
+
+https://github.com/memcached/memcached/wiki/ReleaseNotes1621
diff --git a/.gear/tags/list b/.gear/tags/list
new file mode 100644
index 0000000..467a57d
--- /dev/null
+++ b/.gear/tags/list
@@ -0,0 +1 @@
+e575dfae5e3718fc8a132fd08d8d83e61d1565c2 1.6.21
diff --git a/.gear/upstream/remotes b/.gear/upstream/remotes
new file mode 100644
index 0000000..2c4ec05
--- /dev/null
+++ b/.gear/upstream/remotes
@@ -0,0 +1,3 @@
+[remote "upstream"]
+ url = https://github.com/memcached/memcached.git
+ fetch = +refs/heads/*:refs/remotes/upstream/*
diff --git a/memcached.c b/memcached.c
index 306a952..910cfdd 100644
--- a/memcached.c
+++ b/memcached.c
@@ -33,6 +33,7 @@
#define _P1003_1B_VISIBLE
#endif
#include <pwd.h>
+#include <grp.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <netinet/tcp.h>
@@ -4740,6 +4741,8 @@ int main (int argc, char **argv) {
char *pid_file = NULL;
struct passwd *pw;
struct rlimit rlim;
+ uid_t uid = 0;
+ gid_t gid = 0;
char *buf;
char unit = '\0';
int size_max = 0;
@@ -5884,24 +5887,10 @@ int main (int argc, char **argv) {
fprintf(stderr, "can't find the user %s to switch to\n", username);
exit(EX_NOUSER);
}
- if (setgroups(0, NULL) < 0) {
- /* setgroups may fail with EPERM, indicating we are already in a
- * minimally-privileged state. In that case we continue. For all
- * other failure codes we exit.
- *
- * Note that errno is stored here because fprintf may change it.
- */
- bool should_exit = errno != EPERM;
- fprintf(stderr, "failed to drop supplementary groups: %s\n",
- strerror(errno));
- if (should_exit) {
- exit(EX_OSERR);
- }
- }
- if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
- fprintf(stderr, "failed to assume identity of user %s\n", username);
- exit(EX_OSERR);
- }
+ uid = pw->pw_uid;
+ gid = pw->pw_gid;
+ pw = NULL;
+ endpwent();
}
/* Initialize Sasl if -S was specified */
@@ -5919,6 +5908,7 @@ int main (int argc, char **argv) {
fprintf(stderr, "failed to daemon() in order to daemonize\n");
exit(EXIT_FAILURE);
}
+ save_pid(pid_file);
}
/* lock paged memory if needed */
@@ -5934,6 +5924,12 @@ int main (int argc, char **argv) {
#endif
}
+ if ((uid || gid) &&
+ (setgroups(0, 0) < 0 || setgid(gid) < 0 || setuid(uid) < 0)) {
+ fprintf(stderr, "failed to assume identity of user %s\n", username);
+ exit(EX_OSERR);
+ }
+
/* initialize main thread libevent instance */
#if defined(LIBEVENT_VERSION_NUMBER) && LIBEVENT_VERSION_NUMBER >= 0x02000101
/* If libevent version is larger/equal to 2.0.2-alpha, use newer version */
@@ -6256,7 +6252,7 @@ int main (int argc, char **argv) {
}
/* remove the PID file if we're a daemon */
- if (do_daemonize)
+ if (do_daemonize && !(uid || gid))
remove_pidfile(pid_file);
/* Clean up strdup() call for bind() address */
if (settings.inter)
diff --git a/memcached.conf b/memcached.conf
new file mode 100644
index 0000000..e0ee9d2
--- /dev/null
+++ b/memcached.conf
@@ -0,0 +1,47 @@
+# memcached default config file
+# 2003 - Jay Bonci <jaybonci@debian.org>
+# This configuration file is read by the start-memcached script provided as
+# part of the Debian GNU/Linux distribution.
+
+# Run memcached as a daemon. This command is implied, and is not needed for the
+# daemon to run. See the README.Debian that comes with this package for more
+# information.
+-d
+
+# Log memcached's output to /var/log/memcached
+logfile /var/log/memcached
+
+# Be verbose
+# -v
+
+# Be even more verbose (print client commands as well)
+# -vv
+
+# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
+# Note that the daemon will grow to this size, but does not start out holding this much
+# memory
+-m 64
+
+# Default connection port is 11211
+-p 11211
+
+# Run the daemon as root. The start-memcached will default to running as root if no
+# -u command is present in this config file
+-u memcached
+
+# Specify which IP address to listen on. The default is to listen on all IP addresses
+# This parameter is one of the only security measures that memcached has, so make sure
+# it's listening on a firewalled interface.
+# -l 12.34.56.78
+
+# Limit the number of simultaneous incoming connections. The daemon default is 1024
+# -c 1024
+
+# Lock down all paged memory. Consult with the README and homepage before you do this
+# -k
+
+# Return error when memory is exhausted (rather than removing items)
+-M
+
+# Maximize core file limit
+# -r
diff --git a/memcached.init b/memcached.init
new file mode 100644
index 0000000..47c33ec
--- /dev/null
+++ b/memcached.init
@@ -0,0 +1,99 @@
+#! /bin/sh
+#
+# chkconfig: - 80 20
+# description: memcached - memory caching daemon
+# processname: /usr/bin/memcached
+# pidfile: /var/run/memcached/memcached.pid
+#
+### BEGIN INIT INFO
+# Provides: memcached
+# Required-Start: $syslog
+# Required-Stop: $syslog
+# Should-Start: $local_fs
+# Should-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: memcached - Memory caching daemon
+# Description: memcached - Memory caching daemon
+### END INIT INFO
+
+# Do not load RH compatibility interface.
+WITHOUT_RC_COMPAT=1
+
+# Source function library.
+. /etc/init.d/functions
+
+NAME=memcached
+RUNAS=memcached
+LISTEN="127.0.0.1"
+PORT="11211"
+MAXCONN="1024"
+CACHESIZE="64"
+EXTRAOPTIONS=
+PIDFILE="/var/run/$NAME/$NAME.pid"
+LOCKFILE="/var/lock/subsys/$NAME"
+
+# Source config.
+SourceIfNotEmpty "/etc/sysconfig/$NAME"
+
+[ -n "$RUNAS" ] || RUNAS=memcached
+[ -z "$LISTEN" ] || LISTEN="-l $LISTEN"
+
+[ ! -d "/var/run/$NAME" ] && mkdir "/var/run/$NAME"
+
+RETVAL=0
+
+start()
+{
+ start_daemon --expect-user "$RUNAS" --lockfile "$LOCKFILE" --pidfile "$PIDFILE" -- \
+ "$NAME" -d -u "$RUNAS" -P "$PIDFILE" $LISTEN -p $PORT -m $CACHESIZE -c $MAXCONN $EXTRAOPTIONS
+ RETVAL=$?
+ return "$RETVAL"
+}
+
+stop()
+{
+ stop_daemon --expect-user "$RUNAS" --lockfile "$LOCKFILE" --pidfile "$PIDFILE" -- "$NAME"
+ RETVAL=$?
+ return "$RETVAL"
+}
+
+restart()
+{
+ stop
+ start
+ RETVAL=$?
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+
+ restart|reload)
+ restart
+ ;;
+ condrestart|condreload)
+ if [ -e "$LOCKFILE" ]; then
+ restart
+ fi
+ ;;
+ condstop)
+ if [ -e "$LOCKFILE" ]; then
+ stop
+ fi
+ ;;
+ status)
+ status --expect-user "$RUNAS" --lockfile "$LOCKFILE" --pidfile "$PIDFILE" -- "$NAME"
+ RETVAL=$?
+ ;;
+ *)
+ msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
+ RETVAL=1
+esac
+
+exit $RETVAL
diff --git a/memcached.service b/memcached.service
new file mode 100644
index 0000000..695f450
--- /dev/null
+++ b/memcached.service
@@ -0,0 +1,39 @@
+# It's not recommended to modify this file in-place, because it will be
+# overwritten during upgrades. If you want to customize, the best
+# way is to use the "systemctl edit" command to create an override unit.
+#
+# For example, to pass additional options, create an override unit
+# (as is done by systemctl edit) and enter the following:
+#
+# [Service]
+# Environment=LISTEN="127.0.0.1,::1"
+# Environment=EXTRAOPTIONS="--threads=8"
+#
+
+[Unit]
+Description=memcached daemon
+Before=httpd2.service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/sysconfig/memcached
+ExecStart=/usr/bin/memcached -u $RUNAS -l $LISTEN -p $PORT -m $CACHESIZE -c $MAXCONN $EXTRAOPTIONS
+
+PrivateTmp=true
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
+# Restricts the set of socket address families accessible to the processes of this unit.
+# Protects against vulnerabilities such as CVE-2016-8655
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
+RestrictNamespaces=true
+
+
+[Install]
+WantedBy=multi-user.target
diff --git a/memcached.spec b/memcached.spec
new file mode 100644
index 0000000..5eb3dcb
--- /dev/null
+++ b/memcached.spec
@@ -0,0 +1,300 @@
+%define _unpackaged_files_terminate_build 1
+%def_enable seccomp
+%def_enable extstore
+%def_enable sasl
+%def_enable tls
+
+Name: memcached
+Version: 1.6.21
+Release: alt1
+
+Summary: memcached - memory caching daemon
+License: BSD
+Group: System/Servers
+Url: http://www.memcached.org/
+#https://github.com/memcached/memcached.git
+Source: %name-%version.tar
+Patch: %name-%version.patch
+
+%define pkg_user memcached
+%define pkg_group memcached
+
+BuildRequires: libevent-devel perl-devel perl-AnyEvent perl-YAML perl-Term-ReadKey perl-IO-Socket-SSL
+%{?_enable_seccomp:BuildRequires: libseccomp-devel}
+%{?_enable_sasl:BuildRequires: libsasl2-devel}
+%{?_enable_tls:BuildRequires: libssl-devel >= 1.1.0}
+
+%description
+memcached is a flexible memory object caching daemon designed to alle-
+viate database load in dynamic web applications by storing objects in
+specifically optimized to avoid swapping and always use non-blocking
+I/O.
+
+%package devel
+Summary: Files needed for development using memcached protocol
+Group: Development/C
+BuildArch: noarch
+Requires: %name = %version-%release
+
+%description devel
+This package contains files needed for development using memcached
+protocol.
+
+%package tool
+Summary: Stats and management tool for memcached
+Group: Development/Tools
+BuildArch: noarch
+
+%description tool
+memcached-tool is a Perl script used to print statistics from a running
+memcached instance.
+
+%prep
+%setup
+%patch -p1
+sed -i 's,`git describe`,"%version-%release",g' version.pl
+
+%build
+perl version.pl
+%autoreconf
+%configure \
+%ifnarch %e2k
+ --enable-werror \
+%endif
+ %{subst_enable seccomp} \
+ %{subst_enable extstore} \
+ %{subst_enable sasl} \
+ %{subst_enable tls}
+
+%make_build
+
+%install
+%makeinstall_std
+install -pD -m755 %name.init %buildroot%_initdir/%name
+install -pD -m640 %name.sysconfig %buildroot%_sysconfdir/sysconfig/%name
+install -pD -m644 %name.service %buildroot%_unitdir/%name.service
+install -pD -m644 %{name}@.service %buildroot%_unitdir/%{name}@.service
+
+# tool
+install -pD -m755 scripts/memcached-tool %buildroot%_bindir/memcached-tool
+install -pD -m644 scripts/memcached-tool.1 %buildroot%_man1dir/memcached-tool.1
+
+%check
+%make test ||:
+
+%pre
+groupadd -r -f %pkg_group
+useradd -r -g %pkg_group -d /dev/null -s /dev/null -n %pkg_user >/dev/null 2>&1 ||:
+if [ $1 -eq 2 ] && [ ! -f /var/run/%name/%name.pid ] && [ -f /var/run/%name.pid ]; then
+ mkdir /var/run/%name/
+ mv /var/run/%name.pid /var/run/%name/%name.pid
+fi
+
+%post
+%post_service %name
+
+%preun
+%preun_service %name
+
+%files
+%config(noreplace) %attr(640,root,adm) %_sysconfdir/sysconfig/%name
+%_bindir/%name
+%_man1dir/%name.*
+%_initdir/*
+%_unitdir/*
+%doc AUTHORS doc/CONTRIBUTORS ChangeLog NEWS README.md doc/*.txt
+
+%files devel
+%_includedir/*
+
+%files tool
+%_bindir/%name-tool
+%_man1dir/%name-tool.*
+
+%changelog
+* Thu Sep 07 2023 Alexey Shabalin <shaba@altlinux.org> 1.6.21-alt1
+- New version 1.6.21.
+
+* Fri Mar 24 2023 Alexey Shabalin <shaba@altlinux.org> 1.6.19-alt1
+- New version 1.6.19.
+
+* Wed Jan 11 2023 Alexey Shabalin <shaba@altlinux.org> 1.6.18-alt1
+- new version 1.6.18
+
+* Wed Jun 15 2022 Alexey Shabalin <shaba@altlinux.org> 1.6.15-alt1
+- new version 1.6.15
+
+* Wed Dec 22 2021 Alexey Shabalin <shaba@altlinux.org> 1.6.12-alt1
+- new version 1.6.12
+
+* Fri Oct 22 2021 Ilya Kurdyukov <ilyakurdyukov@altlinux.org> 1.6.10-alt2
+- removed -Werror for Elbrus build
+
+* Sat Sep 04 2021 Alexey Shabalin <shaba@altlinux.org> 1.6.10-alt1
+- new version 1.6.10
+
+* Tue Nov 24 2020 Alexey Shabalin <shaba@altlinux.org> 1.6.9-alt1
+- new version 1.6.9
+
+* Sat May 16 2020 Alexey Shabalin <shaba@altlinux.org> 1.6.6-alt1
+- new version 1.6.6
+
+* Sat Apr 18 2020 Alexey Shabalin <shaba@altlinux.org> 1.6.5-alt1
+- new version 1.6.5
+
+* Wed Apr 08 2020 Alexey Shabalin <shaba@altlinux.org> 1.6.3-alt1
+- new version 1.6.3
+
+* Wed Mar 25 2020 Alexey Shabalin <shaba@altlinux.org> 1.6.2-alt1
+- new version 1.6.2 (ALT #38273)
+
+* Wed Mar 18 2020 Alexey Shabalin <shaba@altlinux.org> 1.6.1-alt1
+- new version 1.6.1.
+- enable extstore
+
+* Sun Feb 09 2020 Alexey Shabalin <shaba@altlinux.org> 1.5.22-alt1
+- new version 1.5.22
+
+* Sat Jan 25 2020 Alexey Shabalin <shaba@altlinux.org> 1.5.21-alt1
+- new version 1.5.21
+
+* Fri Oct 11 2019 Alexey Shabalin <shaba@altlinux.org> 1.5.19-alt1
+- new version 1.5.19
+
+* Tue Sep 10 2019 Alexey Shabalin <shaba@altlinux.org> 1.5.17-alt1
+- new version 1.5.17
+
+* Wed Jul 17 2019 Alexey Shabalin <shaba@altlinux.org> 1.5.16-alt1
+- 1.5.16
+
+* Thu May 23 2019 Gleb F-Malinovskiy <glebfm@altlinux.org> 1.5.14-alt2
+- Fixed build on ppc64le.
+
+* Wed May 15 2019 Alexey Shabalin <shaba@altlinux.org> 1.5.14-alt1
+- 1.5.14
+
+* Thu Apr 18 2019 Alexey Shabalin <shaba@altlinux.org> 1.5.13-alt1
+- 1.5.13
+- build with tls support
+
+* Thu Nov 29 2018 Alexey Shabalin <shaba@altlinux.org> 1.5.12-alt1
+- 1.5.12
+
+* Fri Aug 24 2018 Alexey Shabalin <shaba@altlinux.org> 1.5.10-alt1
+- 1.5.10
+
+* Fri Jul 27 2018 Alexey Shabalin <shaba@altlinux.org> 1.5.9-alt1
+- 1.5.9
+
+* Sun Apr 01 2018 Alexey Shabalin <shaba@altlinux.ru> 1.5.7-alt1
+- 1.5.7
+
+* Sun Mar 04 2018 Alexey Shabalin <shaba@altlinux.ru> 1.5.6-alt1
+- 1.5.6
+- disable UDP port by default (fixed CVE-2018-1000115)
+- drop scripts package
+- add tool package
+- add memcached@.service for allow start "instanced" version, like 'memcached@11211'
+
+* Tue Jan 09 2018 Alexey Shabalin <shaba@altlinux.ru> 1.5.4-alt1
+- 1.5.4
+
+* Tue Nov 07 2017 Alexey Shabalin <shaba@altlinux.ru> 1.5.3-alt1
+- 1.5.3
+- build with sasl
+
+* Thu Nov 02 2017 Alexey Shabalin <shaba@altlinux.ru> 1.5.2-alt1
+- 1.5.2
+- build with seccomp
+
+* Thu Jul 20 2017 Alexey Shabalin <shaba@altlinux.ru> 1.4.39-alt1
+- 1.4.39
+
+* Wed Jun 14 2017 Alexey Shabalin <shaba@altlinux.ru> 1.4.37-alt1
+- 1.4.37
+
+* Wed Mar 22 2017 Alexey Shabalin <shaba@altlinux.ru> 1.4.36-alt1
+- 1.4.36
+
+* Mon Feb 27 2017 Alexey Shabalin <shaba@altlinux.ru> 1.4.35-alt1
+- 1.4.35
+
+* Mon Feb 13 2017 Alexey Shabalin <shaba@altlinux.ru> 1.4.34-alt1
+- 1.4.34
+
+* Wed Nov 02 2016 Alexey Shabalin <shaba@altlinux.ru> 1.4.33-alt1
+- 1.4.33
+- fixed CVE-2016-8705,CVE-2016-8704,CVE-2016-8706
+- update systemd unit
+
+* Wed Jun 15 2016 Lenar Shakirov <snejok@altlinux.ru> 1.4.13-alt4
+- Systemd unit file fixed
+
+* Thu Nov 28 2013 Eugeny A. Rostovtsev (REAL) <real at altlinux.org> 1.4.13-alt3.1
+- Fixed build
+
+* Tue May 15 2012 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.13-alt3
+- Fix systemd unit file (ALT #27335)
+
+* Sat May 05 2012 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.13-alt2
+- Add systemd unit file
+
+* Mon Mar 26 2012 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.13-alt1
+- 1.4.13
+
+* Wed Nov 23 2011 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.10-alt1
+- 1.4.10
+
+* Mon Sep 19 2011 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.7-alt1
+- 1.4.7
+
+* Tue Aug 02 2011 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.6-alt1
+- 1.4.6
+
+* Mon Jun 27 2011 Dmitry V. Levin <ldv@altlinux.org> 1.4.5-alt6
+- Packaged auxiliary scripts in separate subpackage.
+
+* Thu Jun 16 2011 Dmitry V. Levin <ldv@altlinux.org> 1.4.5-alt5
+- Fixed lowering privileges and pidfile writing.
+- Rewritten startup script.
+- Replaced /etc/memcached.conf with /etc/sysconfig/memcached
+- Packaged %%name-devel as noarch.
+
+* Tue Jun 14 2011 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.5-alt4
+- fix VERSION UNKNOWN error
+
+* Mon Mar 21 2011 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.5-alt3
+- Add memcached package to devel's Requires (ALT #25264)
+
+* Mon Nov 08 2010 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.5-alt2
+- Fix type-punning issues exposed with GCC 4.5.1
+
+* Wed Oct 06 2010 Vitaly Kuznetsov <vitty@altlinux.ru> 1.4.5-alt1
+- 1.4.5 (ALT #23996)
+- CVE-2010-1152
+
+* Mon Sep 28 2009 Denis Klimov <zver@altlinux.org> 1.4.1-alt1
+- new version (Closes: #20835)
+- add devel subpackage
+
+* Tue May 05 2009 Denis Klimov <zver@altlinux.org> 1.2.8-alt1
+- new version
+- critial bug fix leak memory from /proc/self/maps (ALT #19916)
+- remove packager tag
+- not package needless scripts
+
+* Fri Aug 08 2008 Denis Klimov <zver@altlinux.org> 1.2.6-alt1
+- new version
+- remove needless -q key for setup macros
+- fix use pkg_group instead pkg_user
+- remove include sysconfig file in init script
+
+* Sat Jun 02 2007 L.A. Kostis <lakostis@altlinux.ru> 1.2.2-alt1
+- new version from 1.2 branch (fix ALT #11932).
+- build with threads support.
+- add packager field.
+- add debug switch for testing purposes (disabled by default).
+
+* Wed Nov 02 2005 LAKostis <lakostis@altlinux.ru> 1.1.12-alt1
+- first build for ALTLinux.
+
diff --git a/memcached.sysconfig b/memcached.sysconfig
new file mode 100644
index 0000000..54f0f81
--- /dev/null
+++ b/memcached.sysconfig
@@ -0,0 +1,15 @@
+# These defaults will be used by every memcached instance, unless overridden
+# by values in /etc/sysconfig/memcached.<port>
+# Parameters for memcached daemon.
+# See memcached(1) for more details.
+
+RUNAS="memcached"
+LISTEN="127.0.0.1"
+MAXCONN="1024"
+CACHESIZE="64"
+EXTRAOPTIONS=""
+
+# The PORT variable will only be used by memcached.service, not by
+# memcached@xxxxx services, which will use the xxxxx
+PORT="11211"
+
diff --git a/memcached@.service b/memcached@.service
new file mode 100644
index 0000000..4a7ad53
--- /dev/null
+++ b/memcached@.service
@@ -0,0 +1,44 @@
+# It's not recommended to modify this file in-place, because it will be
+# overwritten during upgrades. If you want to customize, the best
+# way is to use the "systemctl edit" command to create an override unit.
+#
+# For example, to pass additional options, create an override unit
+# (as is done by systemctl edit) and enter the following:
+#
+# [Service]
+# Environment=LISTEN="127.0.0.1,::1"
+# Environment=EXTRAOPTIONS="--threads=8"
+#
+# To use the "instanced" version of this, just start 'memcached@11211' or
+# whatever port you'd like. If /etc/sysconfig/memcached.<port> exists, it
+# will be read first, so you can set different parameters for a given
+# instance.
+
+[Unit]
+Description=memcached daemon
+Before=httpd2.service
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/sysconfig/memcached
+EnvironmentFile=-/etc/sysconfig/memcached.%i
+ExecStart=/usr/bin/memcached -u $RUNAS -l $LISTEN -p %i -m $CACHESIZE -c $MAXCONN $EXTRAOPTIONS
+
+PrivateTmp=true
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
+# Restricts the set of socket address families accessible to the processes of this unit.
+# Protects against vulnerabilities such as CVE-2016-8655
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
+estrictNamespaces=true
+
+
+[Install]
+WantedBy=multi-user.target