diff -ur watchdog-5.15.old/watchdog.8 watchdog-5.15/watchdog.8

--- watchdog-5.15.old/watchdog.8	2016-02-26 12:05:00.000000000 +0000

+++ watchdog-5.15/watchdog.8	2018-02-13 08:54:00.860681339 +0000

@@ -215,6 +215,7 @@

 .BR watchdog .

 So you can for instance restart the server from your

 .IR repair-binary .

+See the Systemd section below for additinal information.

 .PP

 .B watchdog

 will try periodically to fork itself to see whether the process

@@ -241,6 +242,8 @@

 considered unreachable causing a soft reboot or action from the

 repair binary.

 .PP

+To start the watchdog when network is available see the Systemd section below.

+.PP

 .B watchdog

 can run an external command for user-defined tests. A return code not equal 0

 means an error occurred and watchdog should react. If the external command is

@@ -350,6 +353,9 @@

 246

 Free for personal watchdog-specific use (was \-10 as an unsigned 8\-bit

 number).

+.PP

+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/

+for your test-binary configuration.

 .TP

 245

 Reserved for an unknown result, for example a slow background test that is

@@ -377,6 +383,9 @@

 controls the number of successive repair attempts that report 0 (i.e. success) but

 fail to clear the tested fault. If this is exceeded then a reboot takes place. If set

 to zero then a reboot can always be blocked by the repair program reporting success.

+.PP

+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/

+for your repair-binary configuration.

 .SH "TEST DIRECTORY"

 Executables placed in the test directory are discovered by watchdog on

 startup and are automatically executed.  They are bounded time-wise by

@@ -415,6 +424,27 @@

 repair-maximum

 also controls the number of successive repair attempts that report success

 (return 0) but fail to clear the fault.

+.SH SYSTEMD

+To start watchdog after the network is available:

+.PP

+.br

+systemctl disable watchdog

+.br

+systemctl enable NetworkManager-wait-online

+.br

+systemctl enable watchdog-ping

+.PP

+

+When using custom service pid check with custom service

+systemd unit file please be aware the "Requires="

+does dependent service deactivation.

+Using "Before=watchdog.service" or "Before=watchdog-ping.service"

+in the custom service unit file may be the desired operation instead.

+See systemd.unit documentation for more details.

+

+.SH SELINUX

+The directories /etc/watchdog.d/ and /usr/libexec/watchdog/scripts/ are

+recognized locations for custom executables.

 .SH BUGS

 None known so far.

 .SH AUTHORS

@@ -433,4 +463,4 @@

 The pid file of the running

 .BR watchdog .

 .SH "SEE ALSO"

-.BR watchdog.conf (5)

+.BR watchdog.conf (5), systemd.unit (5)

diff -ur watchdog-5.15.old/watchdog.conf watchdog-5.15/watchdog.conf

--- watchdog-5.15.old/watchdog.conf	2016-02-26 12:05:00.000000000 +0000

+++ watchdog-5.15/watchdog.conf	2018-02-13 08:52:18.899721271 +0000

@@ -16,6 +16,8 @@

 #min-memory		= 1

 #allocatable-memory	= 1

+# With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/

+# or /etc/watchdog.d/ for your test-binary and repair-binary configuration.

 #repair-binary		= /usr/sbin/repair

 #repair-timeout		= 60

 #test-binary		=

@@ -45,5 +47,12 @@

 realtime		= yes

 priority		= 1

+# When using custom service pid check with custom service

+# systemd unit file please be aware the "Requires="

+# does dependent service deactivation.

+# Using "Before=watchdog.service" or "Before=watchdog-ping.service"

+# in the custom service unit file may be the desired operation instead.

+# See man 5 systemd.unit for more details.

+#

 # Check if rsyslogd is still running by enabling the following line

 #pidfile		= /var/run/rsyslogd.pid

diff -ur watchdog-5.15.old/watchdog.conf.5 watchdog-5.15/watchdog.conf.5

--- watchdog-5.15.old/watchdog.conf.5	2016-02-26 12:05:00.000000000 +0000

+++ watchdog-5.15/watchdog.conf.5	2018-02-13 08:52:18.898721271 +0000

@@ -105,6 +105,7 @@

 pidfile = <pidfilename>

 Set pidfile name for server test mode.

 This option can be given as often as you like to check several servers.

+See the Systemd section in watchdog (8) for more information.

 .TP

 ping = <ip-addr>

 Set IPv4 address for ping mode.

@@ -119,6 +120,8 @@

 .TP

 test-binary = <testbin>

 Execute the given binary to do some user defined tests.

+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/

+for your test-binary configuration.

 .TP

 test-timeout = <timeout in seconds>

 User defined tests may only run for <timeout> seconds. Set to 0 for unlimited.

@@ -126,6 +129,8 @@

 repair-binary = <repbin>

 Execute the given binary in case of a problem instead of shutting down the

 system.

+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/

+for your repair-binary configuration.

 .TP

 repair-timeout = <timeout in seconds>

 repair command may only run for <timeout> seconds. Set to 0 for 'unlimited', but

@@ -156,6 +161,7 @@

 .TP

 test-directory = <test directory>

 Set the directory to run user test/repair scripts.  Default is '/etc/watchdog.d'

+The /etc/watchdog.d/ is recognized by SELinux policy.

 See the Test Directory section in watchdog(8) for more information.

 .TP

 log-dir = <log directory>