diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 11:08:54 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 11:08:54 +0000 |
| commit | a45fb29c9f34bc175ac7b69723de175d62e838eb (patch) | |
| tree | 364371981040c3dc6e97bb289bda0d33933ebfac /nvmf-autoconnect/systemd | |
| parent | Adding upstream version 2.8. (diff) | |
| download | nvme-cli-a45fb29c9f34bc175ac7b69723de175d62e838eb.tar.xz nvme-cli-a45fb29c9f34bc175ac7b69723de175d62e838eb.zip | |
Adding upstream version 2.9.1.upstream/2.9.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'nvmf-autoconnect/systemd')
4 files changed, 48 insertions, 0 deletions
diff --git a/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in b/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in index 7036625..783feb0 100644 --- a/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in +++ b/nvmf-autoconnect/systemd/nvmefc-boot-connections.service.in @@ -6,6 +6,18 @@ After=systemd-udevd.service Before=local-fs-pre.target [Service] +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +ProtectProc=invisible +RestrictRealtime=true +LockPersonality=yes +MemoryDenyWriteExecute=yes +RemoveIPC=yes +RestrictAddressFamilies=none Type=oneshot ExecStart=/bin/sh -c "echo add > /sys/class/fc/fc_udev_device/nvme_discovery" diff --git a/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in b/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in index 92960cd..1ac1588 100644 --- a/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in +++ b/nvmf-autoconnect/systemd/nvmf-autoconnect.service.in @@ -8,6 +8,18 @@ After=network-online.target Before=remote-fs-pre.target [Service] +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +ProtectProc=invisible +RestrictRealtime=true +LockPersonality=yes +MemoryDenyWriteExecute=yes +RemoveIPC=yes +RestrictAddressFamilies=AF_INET AF_INET6 Type=oneshot ExecStart=@SBINDIR@/nvme connect-all --context=autoconnect diff --git a/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in b/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in index 820e6ce..e3934fe 100644 --- a/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in +++ b/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in @@ -10,5 +10,17 @@ After=network-online.target Before=remote-fs-pre.target [Service] +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +ProtectProc=invisible +RestrictRealtime=true +LockPersonality=yes +MemoryDenyWriteExecute=yes +RemoveIPC=yes +RestrictAddressFamilies=AF_INET AF_INET6 Type=oneshot ExecStart=@SBINDIR@/nvme connect-all --nbft diff --git a/nvmf-autoconnect/systemd/nvmf-connect@.service.in b/nvmf-autoconnect/systemd/nvmf-connect@.service.in index 5ba7086..3cec347 100644 --- a/nvmf-autoconnect/systemd/nvmf-connect@.service.in +++ b/nvmf-autoconnect/systemd/nvmf-connect@.service.in @@ -11,6 +11,18 @@ PartOf=nvmf-connect.target Requires=nvmf-connect.target [Service] +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +ProtectProc=invisible +RestrictRealtime=true +LockPersonality=yes +MemoryDenyWriteExecute=yes +RemoveIPC=yes +RestrictAddressFamilies=AF_INET AF_INET6 Type=simple Environment="CONNECT_ARGS=%i" ExecStart=/bin/sh -c "@SBINDIR@/nvme connect-all --context=autoconnect --quiet `/bin/echo -e '${CONNECT_ARGS}'`" |