summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimothy Pearson <tpearson@raptorengineering.com>2019-04-30 18:27:09 +0000
committerTimothy Pearson <tpearson@raptorengineering.com>2019-04-30 18:27:09 +0000
commitc5aa0ec48d810654ded083b86b069c86e08d492a (patch)
treea16aa1466431468f2e425d5601a3bf068b6f9025
parentc9ab726b5db8eb692171079fdc6a781b8277d4c8 (diff)
downloadblackbird-openbmc-c5aa0ec48d810654ded083b86b069c86e08d492a.tar.gz
blackbird-openbmc-c5aa0ec48d810654ded083b86b069c86e08d492a.zip
Try to keep BMC on NCSI port 0 for security isolation
-rw-r--r--meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service13
-rw-r--r--meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend8
2 files changed, 21 insertions, 0 deletions
diff --git a/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service b/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service
new file mode 100644
index 000000000..44b34195e
--- /dev/null
+++ b/meta-rcs/meta-talos/recipes-phosphor/network/network/ncsi-netlink.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Stop the ethernet link failover
+Wants=xyz.openbmc_project.Network.service
+After=xyz.openbmc_project.Network.service
+
+[Service]
+Restart=no
+ExecStart=/usr/bin/env ncsi-netlink --set -x 2 -p 0 -c 0
+SyslogIdentifier=ncsi-netlink
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend b/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend
new file mode 100644
index 000000000..5137f4e00
--- /dev/null
+++ b/meta-rcs/meta-talos/recipes-phosphor/network/phosphor-network_%.bbappend
@@ -0,0 +1,8 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/network:"
+SRC_URI += "file://ncsi-netlink.service"
+SYSTEMD_SERVICE_${PN} += "ncsi-netlink.service"
+
+do_install_append() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/ncsi-netlink.service ${D}${systemd_system_unitdir}
+}
OpenPOWER on IntegriCloud