Modules configuration, remove caps and redundant systemd directives

Author: Peter-Sh

configs/redis-ce.fc

@@ -0,0 +1,2 @@
+/etc/redis/sentinel     -d      system_u:object_r:redis_conf_t:s0
+/etc/redis/sentinel.conf     --      system_u:object_r:redis_conf_t:s0

configs/redis-sentinel.service

@@ -0,0 +1,33 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+Documentation=http://redis.io/documentation
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/redis-sentinel /etc/redis/sentinel/sentinel.conf
+TimeoutStopSec=0
+Restart=always
+User=redis
+Group=redis
+RuntimeDirectory=sentinel
+RuntimeDirectoryMode=2755
+
+UMask=007
+PrivateTmp=yes
+LimitNOFILE=65535
+PrivateDevices=yes
+ProtectHome=yes
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/redis
+ReadWriteDirectories=-/var/log/redis
+ReadWriteDirectories=-/run/sentinel
+
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SYS_RESOURCE
+ProtectSystem=true
+ReadWriteDirectories=-/etc/redis
+
+[Install]
+WantedBy=multi-user.target
+Alias=redis-sentinel.service