1 files changed, 12 insertions, 0 deletions

diff --git a/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in b/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in
index 7036625..783feb0 100644
--- a/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in
+++ b/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in
@@ -6,6 +6,18 @@ After=systemd-udevd.service
 Before=local-fs-pre.target
 
 [Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=none
 Type=oneshot
 ExecStart=/bin/sh -c "echo add > /sys/class/fc/fc_udev_device/nvme_discovery"