diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-10-25 12:17:24 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-10-25 17:20:24 +0200 |
commit | 21d0dd5a89fe0ef259ca51ebea9f39dd79a341c2 (patch) | |
tree | 986c618e27692fe17c6c8e45f34e58e68732137f /units/systemd-portabled.service.in | |
parent | 21b40f16622f171a9969dc334d74fb5eb2f575c2 (diff) | |
download | systemd-21d0dd5a89fe0ef259ca51ebea9f39dd79a341c2.tar.gz |
meson: allow WatchdogSec= in services to be configured
As discussed on systemd-devel [1], in Fedora we get lots of abrt reports
about the watchdog firing [2], but 100% of them seem to be caused by resource
starvation in the machine, and never actual deadlocks in the services being
monitored. Killing the services not only does not improve anything, but it
makes the resource starvation worse, because the service needs cycles to restart,
and coredump processing is also fairly expensive. This adds a configuration option
to allow the value to be changed. If the setting is not set, there is no change.
My plan is to set it to some ridiculusly high value, maybe 1h, to catch cases
where a service is actually hanging.
[1] https://lists.freedesktop.org/archives/systemd-devel/2019-October/043618.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1300212
Diffstat (limited to 'units/systemd-portabled.service.in')
-rw-r--r-- | units/systemd-portabled.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in index c88d3597b7..fb79f454fd 100644 --- a/units/systemd-portabled.service.in +++ b/units/systemd-portabled.service.in @@ -15,7 +15,6 @@ RequiresMountsFor=/var/lib/portables [Service] ExecStart=@rootlibexecdir@/systemd-portabled BusName=org.freedesktop.portable1 -WatchdogSec=3min CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD MemoryDenyWriteExecute=yes ProtectHostname=yes @@ -26,3 +25,4 @@ SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any +@SERVICE_WATCHDOG@ |