summaryrefslogtreecommitdiffstats
path: root/nvmf-autoconnect
diff options
context:
space:
mode:
Diffstat (limited to 'nvmf-autoconnect')
-rw-r--r--nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in12
-rw-r--r--nvmf-autoconnect/systemd/nvmf-autoconnect.service.in12
-rw-r--r--nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in12
-rw-r--r--nvmf-autoconnect/systemd/nvmf-connect@.service.in12
-rw-r--r--nvmf-autoconnect/udev-rules/70-nvmf-autoconnect.rules.in6
5 files changed, 51 insertions, 3 deletions
diff --git a/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in b/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in
index 7036625..783feb0 100644
--- a/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in
+++ b/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in
@@ -6,6 +6,18 @@ After=systemd-udevd.service
Before=local-fs-pre.target
[Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=none
Type=oneshot
ExecStart=/bin/sh -c "echo add > /sys/class/fc/fc_udev_device/nvme_discovery"
diff --git a/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in b/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in
index 92960cd..1ac1588 100644
--- a/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in
+++ b/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in
@@ -8,6 +8,18 @@ After=network-online.target
Before=remote-fs-pre.target
[Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
Type=oneshot
ExecStart=@SBINDIR@/nvme connect-all --context=autoconnect
diff --git a/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in b/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in
index 820e6ce..e3934fe 100644
--- a/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in
+++ b/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in
@@ -10,5 +10,17 @@ After=network-online.target
Before=remote-fs-pre.target
[Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
Type=oneshot
ExecStart=@SBINDIR@/nvme connect-all --nbft
diff --git a/nvmf-autoconnect/systemd/nvmf-connect@.service.in b/nvmf-autoconnect/systemd/nvmf-connect@.service.in
index 5ba7086..3cec347 100644
--- a/nvmf-autoconnect/systemd/nvmf-connect@.service.in
+++ b/nvmf-autoconnect/systemd/nvmf-connect@.service.in
@@ -11,6 +11,18 @@ PartOf=nvmf-connect.target
Requires=nvmf-connect.target
[Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
Type=simple
Environment="CONNECT_ARGS=%i"
ExecStart=/bin/sh -c "@SBINDIR@/nvme connect-all --context=autoconnect --quiet `/bin/echo -e '${CONNECT_ARGS}'`"
diff --git a/nvmf-autoconnect/udev-rules/70-nvmf-autoconnect.rules.in b/nvmf-autoconnect/udev-rules/70-nvmf-autoconnect.rules.in
index 9235a5c..d353dc8 100644
--- a/nvmf-autoconnect/udev-rules/70-nvmf-autoconnect.rules.in
+++ b/nvmf-autoconnect/udev-rules/70-nvmf-autoconnect.rules.in
@@ -15,18 +15,18 @@ ENV{NVME_HOST_IFACE}=="", ENV{NVME_HOST_IFACE}="none"
ACTION=="change", SUBSYSTEM=="nvme", ENV{NVME_AEN}=="0x70f002", \
ENV{NVME_TRTYPE}=="*", ENV{NVME_TRADDR}=="*", \
ENV{NVME_TRSVCID}=="*", ENV{NVME_HOST_TRADDR}=="*", ENV{NVME_HOST_IFACE}=="*", \
- RUN+="@SYSTEMCTL@ --no-block restart nvmf-connect@--device=$kernel\t--transport=$env{NVME_TRTYPE}\t--traddr=$env{NVME_TRADDR}\t--trsvcid=$env{NVME_TRSVCID}\t--host-traddr=$env{NVME_HOST_TRADDR}\t--host-iface=$env{NVME_HOST_IFACE}.service"
+ RUN+="@SYSTEMCTL@ --no-block restart nvmf-connect@--device\x3d$kernel\t--transport\x3d$env{NVME_TRTYPE}\t--traddr\x3d$env{NVME_TRADDR}\t--trsvcid\x3d$env{NVME_TRSVCID}\t--host-traddr\x3d$env{NVME_HOST_TRADDR}\t--host-iface\x3d$env{NVME_HOST_IFACE}.service"
# nvme-fc transport generated events (old-style for compatibility)
ACTION=="change", SUBSYSTEM=="fc", ENV{FC_EVENT}=="nvmediscovery", \
ENV{NVMEFC_HOST_TRADDR}=="*", ENV{NVMEFC_TRADDR}=="*", \
- RUN+="@SYSTEMCTL@ --no-block restart nvmf-connect@--device=none\t--transport=fc\t--traddr=$env{NVMEFC_TRADDR}\t--trsvcid=none\t--host-traddr=$env{NVMEFC_HOST_TRADDR}.service"
+ RUN+="@SYSTEMCTL@ --no-block restart nvmf-connect@--device\x3dnone\t--transport\x3dfc\t--traddr\x3d$env{NVMEFC_TRADDR}\t--trsvcid\x3dnone\t--host-traddr\x3d$env{NVMEFC_HOST_TRADDR}.service"
# A discovery controller just (re)connected, re-read the discovery log change to
# check if there were any changes since it was last connected.
ACTION=="change", SUBSYSTEM=="nvme", ENV{NVME_EVENT}=="rediscover", ATTR{cntrltype}=="discovery", \
ENV{NVME_TRTYPE}=="*", ENV{NVME_TRADDR}=="*", \
ENV{NVME_TRSVCID}=="*", ENV{NVME_HOST_TRADDR}=="*", ENV{NVME_HOST_IFACE}=="*", \
- RUN+="@SYSTEMCTL@ --no-block restart nvmf-connect@--device=$kernel\t--transport=$env{NVME_TRTYPE}\t--traddr=$env{NVME_TRADDR}\t--trsvcid=$env{NVME_TRSVCID}\t--host-traddr=$env{NVME_HOST_TRADDR}\t--host-iface=$env{NVME_HOST_IFACE}.service"
+ RUN+="@SYSTEMCTL@ --no-block restart nvmf-connect@--device\x3d$kernel\t--transport\x3d$env{NVME_TRTYPE}\t--traddr\x3d$env{NVME_TRADDR}\t--trsvcid\x3d$env{NVME_TRSVCID}\t--host-traddr\x3d$env{NVME_HOST_TRADDR}\t--host-iface\x3d$env{NVME_HOST_IFACE}.service"
LABEL="autoconnect_end"
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 10:06:56 +0000