Overview
Request 1038199 accepted
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_nvmet.service.patch
- Created by jsegitz
- In state accepted
- 6 package maintainers
Loading...
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_nvmet.service.patch
ProtectKernelModules=true
Does this inhibit module loading by the
ExecStart
process, or by the service itself? I'm asking because this service actually depends on modules to be loaded (configfs
,nvmet
,nvme_fabrics
) to work.So this service file should actually run
modprobe
in ExecStartPre to make sure the service will actually work. It currently doesn't. Alternatively, we could solve this by adding a file to/usr/lib/modules-load.d
, but IMO that's less useful because the modules will be loaded even if the service isn't started.yes that would prevent that. If you plan on adding this I would remove that. Should I wait for your change and submit on top of that?
@hreinecke, @morbidrsa: review reminder