1 files changed, 12 insertions, 0 deletions

diff --git a/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in b/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in
index 820e6ce..e3934fe 100644
--- a/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in
+++ b/nvmf-autoconnect/systemd/nvmf-connect-nbft.service.in
@@ -10,5 +10,17 @@ After=network-online.target
 Before=remote-fs-pre.target
 
 [Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
 Type=oneshot
 ExecStart=@SBINDIR@/nvme connect-all --nbft