Resolves: #1012930

2013-11-07 11:40:33 +01:00 · 2013-11-07 11:40:33 +01:00 · 2d62cfc996
commit 2d62cfc996
parent d623593258
4 changed files with 102 additions and 2 deletions
--- a/0004-watchdog-5.13-rhseldoc.patch
+++ b/0004-watchdog-5.13-rhseldoc.patch
@ -0,0 +1,81 @@
+diff -up ./watchdog.8.sepol ./watchdog.8
+--- ./watchdog.8.sepol	2013-11-06 17:11:19.714506564 +0100
+++ ./watchdog.8	2013-11-07 11:30:33.001952183 +0100
+@@ -216,6 +216,15 @@ a given interface for traffic. If no tra
+ considered unreachable causing a soft reboot or action from the 
+ repair binary.
+ .PP
+To start the watchdog when network is available:
+.PP
+.br
+systemctl disable watchdog
+.br
+systemctl enable NetworkManager-wait-online
+.br
+systemctl enable watchdog-ping
+.PP
+ .B watchdog can run an external command for user-defined tests. A return code
+ not equal 0 means an error occured and watchdog should react. If the external
+ command is killed by an uncaught signal this is considered an error by watchdog
+@@ -317,6 +326,9 @@ Child process did not return in time.
+ .TP
+ \-10 
+ Free for personal use.
+.PP
+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/
+for your test-binary configuration.
+ .SH "REPAIR BINARY"
+ The repair binary is started with one parameter: the error number that
+ caused 
+@@ -333,6 +345,9 @@ are using the real-time properties since
+ .B watchdog 
+ will wait for
+ the return of this binary before proceeding.
+.PP
+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/
+for your repair-binary configuration.
+ .SH "TEST DIRECTORY"
+ Executables placed in the test directory are discovered by watchdog on 
+ startup and are automatically executed.  They are bounded time-wise by
+@@ -365,6 +380,8 @@ return a non-zero value so the machine w
+ Note that the watchdog daemon may interpret and act upon any of the reserved
+ return codes noted in the Check Binary section prior to calling a given
+ command in "repair" mode.
+.SH SELINUX
+
+ .SH BUGS
+ None known so far.
+ .SH AUTHORS
+diff -up ./watchdog.conf.5.sepol ./watchdog.conf.5
+--- ./watchdog.conf.5.sepol	2013-11-07 11:31:32.490482673 +0100
+++ ./watchdog.conf.5	2013-11-07 11:33:02.501181770 +0100
+@@ -97,6 +97,8 @@ interfaces.
+ .TP
+ test-binary = <testbin>
+ Execute the given binary to do some user defined tests.
+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/
+for your test-binary configuration.
+ .TP
+ test-timeout = <timeout in seconds>
+ User defined tests may only run for <timeout> seconds. Set to 0 for unlimited.
+@@ -104,6 +106,8 @@ User defined tests may only run for <tim
+ repair-binary = <repbin>
+ Execute the given binary in case of a problem instead of shutting down the
+ system.
+With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/
+for your repair-binary configuration.
+ .TP
+ repair-timeout = <timeout in seconds>
+ repair command may only run for <timeout> seconds. Set to 0 for unlimited.
+diff -up ./watchdog.conf.sepol ./watchdog.conf
+--- ./watchdog.conf.sepol	2013-11-07 11:33:48.919481740 +0100
+++ ./watchdog.conf	2013-11-07 11:34:39.581772407 +0100
+@@ -15,6 +15,8 @@
+ # To get the real size, check how large the pagesize is on your machine.
+ #min-memory		= 1
+ 
+#With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/
+#for your test-binary and repair-binary configuration.
+ #repair-binary		= /usr/sbin/repair
+ #repair-timeout		= 
+ #test-binary		= 
--- a/watchdog-ping.service
+++ b/watchdog-ping.service
@ -0,0 +1,11 @@
+[Unit]
+Description=watchdog daemon
+After=network.target
+Conflicts=watchdog.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/watchdog
+
+[Install]
+WantedBy=multi-user.target
--- a/watchdog.service
+++ b/watchdog.service
@ -1,6 +1,7 @@
 [Unit]
 Description=watchdog daemon
-After=syslog.target
+# man systemd.special
+# auto added After=basic.target

 [Service]
 Type=forking
--- a/watchdog.spec
+++ b/watchdog.spec
@ -1,7 +1,7 @@
 Summary:          Software and/or Hardware watchdog daemon
 Name:             watchdog
 Version:          5.13
-Release:          5%{?dist}
+Release:          6%{?dist}
 License:          GPLv2+

 URL:              http://sourceforge.net/projects/watchdog/
@ -16,6 +16,7 @@ Source4:          watchdog.service
 Patch1:           0001-watchdog-Clearer-help-output.patch
 Patch2:           0002-wd_identify-wd_keepalive-Document-c-config-file-in-h.patch
 Patch3:           0003-watchdog-5.13-rhsel.patch
+Patch4:           0004-watchdog-5.13-rhseldoc.patch

 BuildRequires:    systemd-units

@ -46,6 +47,7 @@ expiration) initiated by the BMC.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1

 cp %{SOURCE2} .
 cp %{SOURCE3} .
@ -68,6 +70,7 @@ install -d -m0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/watchdog.d
 make DESTDIR=${RPM_BUILD_ROOT} install
 install -Dp -m0644 %{name}.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/watchdog
 install -Dp -m0644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_unitdir}/watchdog.service
+install -Dd -m0755 ${RPM_BUILD_ROOT}%{_libexecdir}/watchdog/scripts


 %post
@ -121,9 +124,13 @@ fi
 %{_mandir}/man8/wd_identify.8*
 %{_mandir}/man8/wd_keepalive.8*
 %{_unitdir}/watchdog.service
+%{_libexecdir}/watchdog/scripts


 %changelog
+* Wed Nov  6 2013 Ales Ledvinka <aledvink@redhat.com> - 5.13-6
+- Selinux: Add /usr/libexec/watchdog/scripts/ for test-bin and repair-bin to inherit from.
+
 * Thu Oct 24 2013 Ales Ledvinka <aledvink@redhat.com> - 5.13-5
 - Selinux: do not reopen descriptors for reading when only appending.