[systemd-devel] Hear opinions about changing watchdog timeout value during service running
Lennart Poettering
lennart at poettering.net
Tue May 24 10:12:56 UTC 2016
On Mon, 23.05.16 19:23, David R. Piegdon (systemd at p23q.org) wrote:
> Hi,
>
> No general counter-arguments here, but I would like to strongly suggest
> that support for this has to be explicitly enabled in the service's unit,
> preferably with required configuration of an upper bound. E.g.
>
>
> [Service]
> (...)
> WatchdogSec=2s
> WatchdogSecAllowChange=true
> WatchdogSecUpperBound=30s
>
>
> Granting any possible change would diminish safety expected from a
> watchdog mechanism. At least IMHO.

Watchdog support is a robustness thing, not a security thing. If a
process wants to fake watchdog wakeups it can do so easily, by careful
programming (just run a thread that keeps pinging the parent).

Also, we already have NotifyAccess=, which I think is enough.

I am not convinced we need any additional security logic here. If
notify support is on, then the watchdog stuff should be accessible
really in full.

Lennart
--
Lennart Poettering, Red Hat
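
The following Python example is added here and is not part of the original message or of systemd's own code. It shows the robustness side of the point above: a pinger that sends `WATCHDOG=1` to `$NOTIFY_SOCKET` only while the main loop keeps reporting progress, unlike a thread that pings unconditionally. The names `CoupledWatchdog`, `progress`, `tick`, `run` and `stale_after` are assumptions made for illustration; the unit is assumed to set `WatchdogSec=` and `NotifyAccess=main`.

```python
import os
import socket
import threading
import time


def sd_notify(state, path=None):
    """Send one notify datagram; return False if no notify socket is set."""
    path = path or os.environ.get("NOTIFY_SOCKET")
    if not path:
        return False                      # not started with notify support
    if path.startswith("@"):              # abstract-namespace socket
        path = "\0" + path[1:]
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.sendto(state.encode(), path)
    return True


class CoupledWatchdog:
    """Ping the service manager only while real work is being done."""

    def __init__(self, stale_after, path=None):
        self.stale_after = stale_after    # seconds without progress = hung
        self.path = path                  # override for tests (assumption)
        self.last_progress = time.monotonic()
        self.stop = threading.Event()

    def progress(self, now=None):
        # Called by the main loop after each completed unit of work.
        self.last_progress = time.monotonic() if now is None else now

    def tick(self, now=None):
        # Send a ping only if the main loop reported progress recently.
        now = time.monotonic() if now is None else now
        if now - self.last_progress < self.stale_after:
            return sd_notify("WATCHDOG=1", self.path)
        return False                      # stay silent: let WatchdogSec= fire

    def run(self, interval):
        # Background loop; interval should be well below WatchdogSec=.
        while not self.stop.wait(interval):
            self.tick()
```

Because the pinger runs as a thread of the main process, its datagrams are still accepted under `NotifyAccess=main`.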