Merging upstream version 2.9.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 11:08:58 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 11:09:05 +0000
commit: 81e5ef4ae340ae4041f8029e7c14a3bc8baab46d (patch)
tree: 3b0b740dd83d6a1244e81e4270497ad8db31a9b7 /nvmf-autoconnect/systemd/nvmf-connect@.service.in
parent: Releasing debian version 2.8-2. (diff)
download: nvme-cli-81e5ef4ae340ae4041f8029e7c14a3bc8baab46d.tar.xz
nvme-cli-81e5ef4ae340ae4041f8029e7c14a3bc8baab46d.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/nvmf-autoconnect/systemd/nvmf-connect@.service.in b/nvmf-autoconnect/systemd/nvmf-connect@.service.in
index 5ba7086..3cec347 100644
--- a/nvmf-autoconnect/systemd/nvmf-connect@.service.in
+++ b/nvmf-autoconnect/systemd/nvmf-connect@.service.in
@@ -11,6 +11,18 @@ PartOf=nvmf-connect.target
 Requires=nvmf-connect.target
 
 [Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
 Type=simple
 Environment="CONNECT_ARGS=%i"
 ExecStart=/bin/sh -c "@SBINDIR@/nvme connect-all --context=autoconnect --quiet `/bin/echo -e '${CONNECT_ARGS}'`"
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 11:08:58 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 11:09:05 +0000
commit	81e5ef4ae340ae4041f8029e7c14a3bc8baab46d (patch)
tree	3b0b740dd83d6a1244e81e4270497ad8db31a9b7 /nvmf-autoconnect/systemd/nvmf-connect@.service.in
parent	Releasing debian version 2.8-2. (diff)
download	nvme-cli-81e5ef4ae340ae4041f8029e7c14a3bc8baab46d.tar.xz nvme-cli-81e5ef4ae340ae4041f8029e7c14a3bc8baab46d.zip