From a45fb29c9f34bc175ac7b69723de175d62e838eb Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 5 May 2024 13:08:54 +0200
Subject: Adding upstream version 2.9.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 nvmf-autoconnect/systemd/nvmf-connect@.service.in | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'nvmf-autoconnect/systemd/nvmf-connect@.service.in')

diff --git a/nvmf-autoconnect/systemd/nvmf-connect@.service.in b/nvmf-autoconnect/systemd/nvmf-connect@.service.in
index 5ba7086..3cec347 100644
--- a/nvmf-autoconnect/systemd/nvmf-connect@.service.in
+++ b/nvmf-autoconnect/systemd/nvmf-connect@.service.in
@@ -11,6 +11,18 @@ PartOf=nvmf-connect.target
 Requires=nvmf-connect.target
 
 [Service]
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectProc=invisible
+RestrictRealtime=true
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
 Type=simple
 Environment="CONNECT_ARGS=%i"
 ExecStart=/bin/sh -c "@SBINDIR@/nvme connect-all --context=autoconnect --quiet `/bin/echo -e '${CONNECT_ARGS}'`"
-- 
cgit v1.2.3