From 2d62cfc99657233f11a482bf12a3853983822fbf Mon Sep 17 00:00:00 2001 From: Ales Ledvinka Date: Thu, 7 Nov 2013 11:40:33 +0100 Subject: [PATCH] Resolves: #1012930 --- 0004-watchdog-5.13-rhseldoc.patch | 81 +++++++++++++++++++++++++++++++ watchdog-ping.service | 11 +++++ watchdog.service | 3 +- watchdog.spec | 9 +++- 4 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 0004-watchdog-5.13-rhseldoc.patch create mode 100644 watchdog-ping.service diff --git a/0004-watchdog-5.13-rhseldoc.patch b/0004-watchdog-5.13-rhseldoc.patch new file mode 100644 index 0000000..1777969 --- /dev/null +++ b/0004-watchdog-5.13-rhseldoc.patch @@ -0,0 +1,81 @@ +diff -up ./watchdog.8.sepol ./watchdog.8 +--- ./watchdog.8.sepol 2013-11-06 17:11:19.714506564 +0100 ++++ ./watchdog.8 2013-11-07 11:30:33.001952183 +0100 +@@ -216,6 +216,15 @@ a given interface for traffic. If no tra + considered unreachable causing a soft reboot or action from the + repair binary. + .PP ++To start the watchdog when network is available: ++.PP ++.br ++systemctl disable watchdog ++.br ++systemctl enable NetworkManager-wait-online ++.br ++systemctl enable watchdog-ping ++.PP + .B watchdog can run an external command for user-defined tests. A return code + not equal 0 means an error occured and watchdog should react. If the external + command is killed by an uncaught signal this is considered an error by watchdog +@@ -317,6 +326,9 @@ Child process did not return in time. + .TP + \-10 + Free for personal use. ++.PP ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your test-binary configuration. + .SH "REPAIR BINARY" + The repair binary is started with one parameter: the error number that + caused +@@ -333,6 +345,9 @@ are using the real-time properties since + .B watchdog + will wait for + the return of this binary before proceeding. ++.PP ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your repair-binary configuration. + .SH "TEST DIRECTORY" + Executables placed in the test directory are discovered by watchdog on + startup and are automatically executed. They are bounded time-wise by +@@ -365,6 +380,8 @@ return a non-zero value so the machine w + Note that the watchdog daemon may interpret and act upon any of the reserved + return codes noted in the Check Binary section prior to calling a given + command in "repair" mode. ++.SH SELINUX ++ + .SH BUGS + None known so far. + .SH AUTHORS +diff -up ./watchdog.conf.5.sepol ./watchdog.conf.5 +--- ./watchdog.conf.5.sepol 2013-11-07 11:31:32.490482673 +0100 ++++ ./watchdog.conf.5 2013-11-07 11:33:02.501181770 +0100 +@@ -97,6 +97,8 @@ interfaces. + .TP + test-binary = + Execute the given binary to do some user defined tests. ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your test-binary configuration. + .TP + test-timeout = + User defined tests may only run for seconds. Set to 0 for unlimited. +@@ -104,6 +106,8 @@ User defined tests may only run for + Execute the given binary in case of a problem instead of shutting down the + system. ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your repair-binary configuration. + .TP + repair-timeout = + repair command may only run for seconds. Set to 0 for unlimited. +diff -up ./watchdog.conf.sepol ./watchdog.conf +--- ./watchdog.conf.sepol 2013-11-07 11:33:48.919481740 +0100 ++++ ./watchdog.conf 2013-11-07 11:34:39.581772407 +0100 +@@ -15,6 +15,8 @@ + # To get the real size, check how large the pagesize is on your machine. + #min-memory = 1 + ++#With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++#for your test-binary and repair-binary configuration. + #repair-binary = /usr/sbin/repair + #repair-timeout = + #test-binary = diff --git a/watchdog-ping.service b/watchdog-ping.service new file mode 100644 index 0000000..cbb6cc3 --- /dev/null +++ b/watchdog-ping.service @@ -0,0 +1,11 @@ +[Unit] +Description=watchdog daemon +After=network.target +Conflicts=watchdog.service + +[Service] +Type=forking +ExecStart=/usr/sbin/watchdog + +[Install] +WantedBy=multi-user.target diff --git a/watchdog.service b/watchdog.service index 9ec1076..e5847b9 100644 --- a/watchdog.service +++ b/watchdog.service @@ -1,6 +1,7 @@ [Unit] Description=watchdog daemon -After=syslog.target +# man systemd.special +# auto added After=basic.target [Service] Type=forking diff --git a/watchdog.spec b/watchdog.spec index 521021f..d39d393 100644 --- a/watchdog.spec +++ b/watchdog.spec @@ -1,7 +1,7 @@ Summary: Software and/or Hardware watchdog daemon Name: watchdog Version: 5.13 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: http://sourceforge.net/projects/watchdog/ @@ -16,6 +16,7 @@ Source4: watchdog.service Patch1: 0001-watchdog-Clearer-help-output.patch Patch2: 0002-wd_identify-wd_keepalive-Document-c-config-file-in-h.patch Patch3: 0003-watchdog-5.13-rhsel.patch +Patch4: 0004-watchdog-5.13-rhseldoc.patch BuildRequires: systemd-units @@ -46,6 +47,7 @@ expiration) initiated by the BMC. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 cp %{SOURCE2} . cp %{SOURCE3} . @@ -68,6 +70,7 @@ install -d -m0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/watchdog.d make DESTDIR=${RPM_BUILD_ROOT} install install -Dp -m0644 %{name}.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/watchdog install -Dp -m0644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_unitdir}/watchdog.service +install -Dd -m0755 ${RPM_BUILD_ROOT}%{_libexecdir}/watchdog/scripts %post @@ -121,9 +124,13 @@ fi %{_mandir}/man8/wd_identify.8* %{_mandir}/man8/wd_keepalive.8* %{_unitdir}/watchdog.service +%{_libexecdir}/watchdog/scripts %changelog +* Wed Nov 6 2013 Ales Ledvinka - 5.13-6 +- Selinux: Add /usr/libexec/watchdog/scripts/ for test-bin and repair-bin to inherit from. + * Thu Oct 24 2013 Ales Ledvinka - 5.13-5 - Selinux: do not reopen descriptors for reading when only appending.