diff options
author | Timothy Pearson <tpearson@raptorengineering.com> | 2019-04-30 18:27:09 +0000 |
---|---|---|
committer | Timothy Pearson <tpearson@raptorengineering.com> | 2019-04-30 18:27:09 +0000 |
commit | c5aa0ec48d810654ded083b86b069c86e08d492a (patch) | |
tree | a16aa1466431468f2e425d5601a3bf068b6f9025 | |
parent | c9ab726b5db8eb692171079fdc6a781b8277d4c8 (diff) | |
download | blackbird-openbmc-c5aa0ec48d810654ded083b86b069c86e08d492a.tar.gz blackbird-openbmc-c5aa0ec48d810654ded083b86b069c86e08d492a.zip |
Try to keep BMC on NCSI port 0 for security isolation
-rw-r--r-- | meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service | 13 | ||||
-rw-r--r-- | meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend | 8 |
2 files changed, 21 insertions, 0 deletions
diff --git a/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service b/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service new file mode 100644 index 000000000..44b34195e --- /dev/null +++ b/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service @@ -0,0 +1,13 @@ +[Unit] +Description=Stop the ethernet link failover +Wants=xyz.openbmc_project.Network.service +After=xyz.openbmc_project.Network.service + +[Service] +Restart=no +ExecStart=/usr/bin/env ncsi-netlink --set -x 2 -p 0 -c 0 +SyslogIdentifier=ncsi-netlink +Type=oneshot + +[Install] +WantedBy=multi-user.target diff --git a/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend b/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend new file mode 100644 index 000000000..5137f4e00 --- /dev/null +++ b/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend @@ -0,0 +1,8 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/network:" +SRC_URI += "file://ncsi-netlink.service" +SYSTEMD_SERVICE_${PN} += "ncsi-netlink.service" + +do_install_append() { + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/ncsi-netlink.service ${D}${systemd_system_unitdir} +} |