From d65dd4597578788ec4a5ec45fcdea537f87aa588 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 25 Oct 2019 23:22:08 +0300 Subject: Revert "meson: allow WatchdogSec= in services to be configured" This reverts commit 21d0dd5a89fe0ef259ca51ebea9f39dd79a341c2. --- meson.build | 7 +------ meson_options.txt | 2 -- units/systemd-hostnamed.service.in | 2 +- units/systemd-importd.service.in | 2 +- units/systemd-journal-remote.service.in | 2 +- units/systemd-journal-upload.service.in | 2 +- units/systemd-journald.service.in | 2 +- units/systemd-localed.service.in | 2 +- units/systemd-logind.service.in | 2 +- units/systemd-machined.service.in | 2 +- units/systemd-networkd.service.in | 2 +- units/systemd-nspawn@.service.in | 2 +- units/systemd-portabled.service.in | 2 +- units/systemd-resolved.service.in | 2 +- units/systemd-timedated.service.in | 2 +- units/systemd-timesyncd.service.in | 2 +- units/systemd-udevd.service.in | 2 +- 17 files changed, 16 insertions(+), 23 deletions(-) diff --git a/meson.build b/meson.build index dc1fde60ee..1e27be7837 100644 --- a/meson.build +++ b/meson.build @@ -795,10 +795,6 @@ conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale) conf.set_quoted('GETTEXT_PACKAGE', meson.project_name()) -service_watchdog = get_option('service-watchdog') -substs.set('SERVICE_WATCHDOG', - service_watchdog == '' ? '' : 'WatchdogSec=' + service_watchdog) - substs.set('SUSHELL', get_option('debug-shell')) substs.set('DEBUGTTY', get_option('debug-tty')) conf.set_quoted('DEBUGTTY', get_option('debug-tty')) @@ -3117,8 +3113,7 @@ status = [ 'default cgroup hierarchy: @0@'.format(default_hierarchy), 'default net.naming-scheme setting: @0@'.format(default_net_naming_scheme), 'default KillUserProcesses setting: @0@'.format(kill_user_processes), - 'default locale: @0@'.format(default_locale), - 'systemd service watchdog: @0@'.format(service_watchdog == '' ? 'disabled' : service_watchdog)] + 'default locale: @0@'.format(default_locale)] alt_dns_servers = '\n '.join(dns_servers.split(' ')) alt_ntp_servers = '\n '.join(ntp_servers.split(' ')) diff --git a/meson_options.txt b/meson_options.txt index 0919577fd7..5dc898eb80 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -207,8 +207,6 @@ option('gshadow', type : 'boolean', description : 'support for shadow group') option('default-locale', type : 'string', value : '', description : 'default locale used when /etc/locale.conf does not exist') -option('service-watchdog', type : 'string', value : '3min', - description : 'default watchdog setting for systemd services') option('default-dnssec', type : 'combo', description : 'default DNSSEC mode', diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in index 1fbbafdd6f..b4f606cf78 100644 --- a/units/systemd-hostnamed.service.in +++ b/units/systemd-hostnamed.service.in @@ -36,4 +36,4 @@ RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service sethostname -@SERVICE_WATCHDOG@ +WatchdogSec=3min diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in index 1a6fae4b69..38b7d7e94b 100644 --- a/units/systemd-importd.service.in +++ b/units/systemd-importd.service.in @@ -15,6 +15,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/importd [Service] ExecStart=@rootlibexecdir@/systemd-importd BusName=org.freedesktop.import1 +WatchdogSec=3min KillMode=mixed CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE NoNewPrivileges=yes @@ -27,4 +28,3 @@ SystemCallFilter=@system-service @mount SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes -@SERVICE_WATCHDOG@ diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in index 7f5238802f..dd6322e62c 100644 --- a/units/systemd-journal-remote.service.in +++ b/units/systemd-journal-remote.service.in @@ -33,7 +33,7 @@ RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native User=systemd-journal-remote -@SERVICE_WATCHDOG@ +WatchdogSec=3min # If there are many split up journal files we need a lot of fds to access them # all in parallel. diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in index 33ef3b8dca..e3800473ec 100644 --- a/units/systemd-journal-upload.service.in +++ b/units/systemd-journal-upload.service.in @@ -31,7 +31,7 @@ StateDirectory=systemd/journal-upload SupplementaryGroups=systemd-journal SystemCallArchitectures=native User=systemd-journal-upload -@SERVICE_WATCHDOG@ +WatchdogSec=3min # If there are many split up journal files we need a lot of fds to access them # all in parallel. diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index 303d5a4826..089bc38f59 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -37,7 +37,7 @@ SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify -@SERVICE_WATCHDOG@ +WatchdogSec=3min # If there are many split up journal files we need a lot of fds to access them # all in parallel. diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in index f9a81fa8dd..7bca34409a 100644 --- a/units/systemd-localed.service.in +++ b/units/systemd-localed.service.in @@ -37,4 +37,4 @@ RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service -@SERVICE_WATCHDOG@ +WatchdogSec=3min diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in index ef802a4e6f..c6f5b81c1d 100644 --- a/units/systemd-logind.service.in +++ b/units/systemd-logind.service.in @@ -55,7 +55,7 @@ StateDirectory=systemd/linger SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service -@SERVICE_WATCHDOG@ +WatchdogSec=3min # Increase the default a bit in order to allow many simultaneous logins since # we keep one fd open per session. diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in index 3db0281f81..d6deefea08 100644 --- a/units/systemd-machined.service.in +++ b/units/systemd-machined.service.in @@ -29,7 +29,7 @@ RestrictRealtime=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @mount -@SERVICE_WATCHDOG@ +WatchdogSec=3min # Note that machined cannot be placed in a mount namespace, since it # needs access to the host's mount namespace in order to implement the diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index ed985f64fa..5c6275e5b3 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -44,7 +44,7 @@ SystemCallFilter=@system-service Type=notify RestartKillSignal=SIGUSR2 User=systemd-network -@SERVICE_WATCHDOG@ +WatchdogSec=3min [Install] WantedBy=multi-user.target diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in index 669fea3c12..2473a730b4 100644 --- a/units/systemd-nspawn@.service.in +++ b/units/systemd-nspawn@.service.in @@ -23,10 +23,10 @@ KillMode=mixed Type=notify RestartForceExitStatus=133 SuccessExitStatus=133 +WatchdogSec=3min Slice=machine.slice Delegate=yes TasksMax=16384 -@SERVICE_WATCHDOG@ # Enforce a strict device policy, similar to the one nspawn configures when it # allocates its own scope unit. Make sure to keep these policies in sync if you diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in index fb79f454fd..c88d3597b7 100644 --- a/units/systemd-portabled.service.in +++ b/units/systemd-portabled.service.in @@ -15,6 +15,7 @@ RequiresMountsFor=/var/lib/portables [Service] ExecStart=@rootlibexecdir@/systemd-portabled BusName=org.freedesktop.portable1 +WatchdogSec=3min CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD MemoryDenyWriteExecute=yes ProtectHostname=yes @@ -25,4 +26,3 @@ SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any -@SERVICE_WATCHDOG@ diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index 22cb202363..eee5d5ea8f 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -46,7 +46,7 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service Type=notify User=systemd-resolve -@SERVICE_WATCHDOG@ +WatchdogSec=3min [Install] WantedBy=multi-user.target diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in index 819cb4dba2..d430ee2017 100644 --- a/units/systemd-timedated.service.in +++ b/units/systemd-timedated.service.in @@ -36,4 +36,4 @@ RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @clock -@SERVICE_WATCHDOG@ +WatchdogSec=3min diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in index 1a866fcc7a..2d8d14f6de 100644 --- a/units/systemd-timesyncd.service.in +++ b/units/systemd-timesyncd.service.in @@ -46,7 +46,7 @@ SystemCallErrorNumber=EPERM SystemCallFilter=@system-service @clock Type=notify User=systemd-timesync -@SERVICE_WATCHDOG@ +WatchdogSec=3min [Install] WantedBy=sysinit.target diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in index 8b1dd0efc7..c257af0efa 100644 --- a/units/systemd-udevd.service.in +++ b/units/systemd-udevd.service.in @@ -25,6 +25,7 @@ RestartSec=0 ExecStart=@rootlibexecdir@/systemd-udevd ExecReload=@rootbindir@/udevadm control --reload --timeout 0 KillMode=mixed +WatchdogSec=3min TasksMax=infinity PrivateMounts=yes ProtectHostname=yes @@ -37,4 +38,3 @@ SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any -@SERVICE_WATCHDOG@ -- cgit v1.2.1