use OOMPolicy=continue in httpd.service, httpd@.service (#1947475)

Resolves: rhbz#1947475
2021-04-09 09:40:47 +01:00 · 2021-04-09 09:40:47 +01:00 · f0962294b0
parent 2be7e43256
commit f0962294b0
4 changed files with 31 additions and 7 deletions
--- a/httpd.service
+++ b/httpd.service
@ -27,6 +27,7 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
 KillSignal=SIGWINCH
 KillMode=mixed
 PrivateTmp=true
+OOMPolicy=continue

 [Install]
 WantedBy=multi-user.target
--- a/httpd.service.xml
+++ b/httpd.service.xml
@ -225,15 +225,34 @@ Wants=network-online.target</programlisting>
      types. See
      <citerefentry><refentrytitle>httpd_selinux</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      for more information.</para>
+    </refsect2>

-      <para>The httpd service enables <emphasis>PrivateTmp</emphasis>
-      by default. The <filename>/tmp</filename> and
-      <filename>/var/tmp</filename> directories available within the
-      httpd process (and CGI scripts, etc) are not shared by other
-      processes. See
+    <refsect2>
+      <title>Process policies and restrictions</title>
+
+      <para>The httpd service uses the following options:
+
+      <itemizedlist>
+        <listitem><para><emphasis>PrivateTmp</emphasis> is enabled by
+        default. The <filename>/tmp</filename> and
+        <filename>/var/tmp</filename> directories available within the
+        httpd process (and CGI scripts, etc) are not shared by other
+        processes.</para></listitem>
+
+        <listitem><para><emphasis>OOMPolicy</emphasis> is set to
+        <emphasis>continue</emphasis> by default.  Under the default
+        Out-of-Memory policy, the entire service will be terminated if
+        any process is killed by the kernel OOM killer.  By setting
+        the policy to <emphasis>continue</emphasis>, httpd will
+        continue to run (and recover) if a single child is terminated
+        because of excess memory consumption.</para></listitem>
+      </itemizedlist>
+
+      See
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+      and
+      <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      for more information.</para>
-
    </refsect2>

    <refsect2>
--- a/httpd.spec
+++ b/httpd.spec
@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.48
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -801,6 +801,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd

 %changelog
+* Wed Jul  7 2021 Joe Orton <jorton@redhat.com> - 2.4.48-9
+- use OOMPolicy=continue in httpd.service, httpd@.service (#1947475)
+
 * Thu Jul 01 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-8
 - Resolves: #1950021 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
  to be able to handle certs without matching private key
--- a/httpd@.service
+++ b/httpd@.service
@ -20,6 +20,7 @@ ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf
 KillSignal=SIGWINCH
 KillMode=mixed
 PrivateTmp=true
+OOMPolicy=continue

 [Install]
 WantedBy=multi-user.target