diff -ur watchdog-5.15.old/watchdog.8 watchdog-5.15/watchdog.8 --- watchdog-5.15.old/watchdog.8 2016-02-26 12:05:00.000000000 +0000 +++ watchdog-5.15/watchdog.8 2018-02-13 08:54:00.860681339 +0000 @@ -215,6 +215,7 @@ .BR watchdog . So you can for instance restart the server from your .IR repair-binary . +See the Systemd section below for additinal information. .PP .B watchdog will try periodically to fork itself to see whether the process @@ -241,6 +242,8 @@ considered unreachable causing a soft reboot or action from the repair binary. .PP +To start the watchdog when network is available see the Systemd section below. +.PP .B watchdog can run an external command for user-defined tests. A return code not equal 0 means an error occurred and watchdog should react. If the external command is @@ -350,6 +353,9 @@ 246 Free for personal watchdog-specific use (was \-10 as an unsigned 8\-bit number). +.PP +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your test-binary configuration. .TP 245 Reserved for an unknown result, for example a slow background test that is @@ -377,6 +383,9 @@ controls the number of successive repair attempts that report 0 (i.e. success) but fail to clear the tested fault. If this is exceeded then a reboot takes place. If set to zero then a reboot can always be blocked by the repair program reporting success. +.PP +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your repair-binary configuration. .SH "TEST DIRECTORY" Executables placed in the test directory are discovered by watchdog on startup and are automatically executed. They are bounded time-wise by @@ -415,6 +424,27 @@ repair-maximum also controls the number of successive repair attempts that report success (return 0) but fail to clear the fault. +.SH SYSTEMD +To start watchdog after the network is available: +.PP +.br +systemctl disable watchdog +.br +systemctl enable NetworkManager-wait-online +.br +systemctl enable watchdog-ping +.PP + +When using custom service pid check with custom service +systemd unit file please be aware the "Requires=" +does dependent service deactivation. +Using "Before=watchdog.service" or "Before=watchdog-ping.service" +in the custom service unit file may be the desired operation instead. +See systemd.unit documentation for more details. + +.SH SELINUX +The directories /etc/watchdog.d/ and /usr/libexec/watchdog/scripts/ are +recognized locations for custom executables. .SH BUGS None known so far. .SH AUTHORS @@ -433,4 +463,4 @@ The pid file of the running .BR watchdog . .SH "SEE ALSO" -.BR watchdog.conf (5) +.BR watchdog.conf (5), systemd.unit (5) diff -ur watchdog-5.15.old/watchdog.conf watchdog-5.15/watchdog.conf --- watchdog-5.15.old/watchdog.conf 2016-02-26 12:05:00.000000000 +0000 +++ watchdog-5.15/watchdog.conf 2018-02-13 08:52:18.899721271 +0000 @@ -16,6 +16,8 @@ #min-memory = 1 #allocatable-memory = 1 +# With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +# or /etc/watchdog.d/ for your test-binary and repair-binary configuration. #repair-binary = /usr/sbin/repair #repair-timeout = 60 #test-binary = @@ -45,5 +47,12 @@ realtime = yes priority = 1 +# When using custom service pid check with custom service +# systemd unit file please be aware the "Requires=" +# does dependent service deactivation. +# Using "Before=watchdog.service" or "Before=watchdog-ping.service" +# in the custom service unit file may be the desired operation instead. +# See man 5 systemd.unit for more details. +# # Check if rsyslogd is still running by enabling the following line #pidfile = /var/run/rsyslogd.pid diff -ur watchdog-5.15.old/watchdog.conf.5 watchdog-5.15/watchdog.conf.5 --- watchdog-5.15.old/watchdog.conf.5 2016-02-26 12:05:00.000000000 +0000 +++ watchdog-5.15/watchdog.conf.5 2018-02-13 08:52:18.898721271 +0000 @@ -105,6 +105,7 @@ pidfile = Set pidfile name for server test mode. This option can be given as often as you like to check several servers. +See the Systemd section in watchdog (8) for more information. .TP ping = Set IPv4 address for ping mode. @@ -119,6 +120,8 @@ .TP test-binary = Execute the given binary to do some user defined tests. +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your test-binary configuration. .TP test-timeout = User defined tests may only run for seconds. Set to 0 for unlimited. @@ -126,6 +129,8 @@ repair-binary = Execute the given binary in case of a problem instead of shutting down the system. +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your repair-binary configuration. .TP repair-timeout = repair command may only run for seconds. Set to 0 for 'unlimited', but @@ -156,6 +161,7 @@ .TP test-directory = Set the directory to run user test/repair scripts. Default is '/etc/watchdog.d' +The /etc/watchdog.d/ is recognized by SELinux policy. See the Test Directory section in watchdog(8) for more information. .TP log-dir =