As discussed on systemd-devel [1], in Fedora we get lots of abrt reports
about the watchdog firing [2], but 100% of them seem to be caused by resource
starvation in the machine, and never actual deadlocks in the services being
monitored. Killing the services not only does not improve anything, but it
makes the resource starvation worse, because the service needs cycles to restart,
and coredump processing is also fairly expensive. This adds a configuration option
to allow the value to be changed. If the setting is not set, there is no change.
My plan is to set it to some ridiculusly high value, maybe 1h, to catch cases
where a service is actually hanging.
[1] https://lists.freedesktop.org/archives/systemd-devel/2019-October/043618.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=
1300212
conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
+service_watchdog = get_option('service-watchdog')
+substs.set('SERVICE_WATCHDOG',
+ service_watchdog == '' ? '' : 'WatchdogSec=' + service_watchdog)
+
substs.set('SUSHELL', get_option('debug-shell'))
substs.set('DEBUGTTY', get_option('debug-tty'))
conf.set_quoted('DEBUGTTY', get_option('debug-tty'))
'default cgroup hierarchy: @0@'.format(default_hierarchy),
'default net.naming-scheme setting: @0@'.format(default_net_naming_scheme),
'default KillUserProcesses setting: @0@'.format(kill_user_processes),
- 'default locale: @0@'.format(default_locale)]
+ 'default locale: @0@'.format(default_locale),
+ 'systemd service watchdog: @0@'.format(service_watchdog == '' ? 'disabled' : service_watchdog)]
alt_dns_servers = '\n '.join(dns_servers.split(' '))
alt_ntp_servers = '\n '.join(ntp_servers.split(' '))
description : 'support for shadow group')
option('default-locale', type : 'string', value : '',
description : 'default locale used when /etc/locale.conf does not exist')
+option('service-watchdog', type : 'string', value : '3min',
+ description : 'default watchdog setting for systemd services')
option('default-dnssec', type : 'combo',
description : 'default DNSSEC mode',
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service sethostname
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
-WatchdogSec=3min
KillMode=mixed
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
NoNewPrivileges=yes
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
LockPersonality=yes
+@SERVICE_WATCHDOG@
RestrictSUIDSGID=yes
SystemCallArchitectures=native
User=systemd-journal-remote
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
SupplementaryGroups=systemd-journal
SystemCallArchitectures=native
User=systemd-journal-upload
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
Type=notify
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
# If there are many split up journal files we need a lot of fds to access them
# all in parallel.
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
# Increase the default a bit in order to allow many simultaneous logins since
# we keep one fd open per session.
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service @mount
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
# Note that machined cannot be placed in a mount namespace, since it
# needs access to the host's mount namespace in order to implement the
Type=notify
RestartKillSignal=SIGUSR2
User=systemd-network
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
[Install]
WantedBy=multi-user.target
Type=notify
RestartForceExitStatus=133
SuccessExitStatus=133
-WatchdogSec=3min
Slice=machine.slice
Delegate=yes
TasksMax=16384
+@SERVICE_WATCHDOG@
# Enforce a strict device policy, similar to the one nspawn configures when it
# allocates its own scope unit. Make sure to keep these policies in sync if you
[Service]
ExecStart=@rootlibexecdir@/systemd-portabled
BusName=org.freedesktop.portable1
-WatchdogSec=3min
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
MemoryDenyWriteExecute=yes
ProtectHostname=yes
SystemCallArchitectures=native
LockPersonality=yes
IPAddressDeny=any
+@SERVICE_WATCHDOG@
SystemCallFilter=@system-service
Type=notify
User=systemd-resolve
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
[Install]
WantedBy=multi-user.target
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service @clock
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
SystemCallFilter=@system-service @clock
Type=notify
User=systemd-timesync
-WatchdogSec=3min
+@SERVICE_WATCHDOG@
[Install]
WantedBy=sysinit.target
ExecStart=@rootlibexecdir@/systemd-udevd
ExecReload=@rootbindir@/udevadm control --reload --timeout 0
KillMode=mixed
-WatchdogSec=3min
TasksMax=infinity
PrivateMounts=yes
ProtectHostname=yes
SystemCallArchitectures=native
LockPersonality=yes
IPAddressDeny=any
+@SERVICE_WATCHDOG@