On Mon, 23.05.16 19:23, David R. Piegdon (syst...@p23q.org) wrote:

> Hi,
>
> No general counter-arguments here, but I would like to strongly suggest
> that support for this has to be explicitly enabled in the service's unit,
> preferably with required configuration of an upper bound. E.g.
>
>
> [Service]
> (...)
> WatchdogSec=2s
> WatchdogSecAllowChange=true
> WatchdogSecUpperBound=30s
>
>
> Granting any possible change would diminish safety expected from a
> watchdog mechanism. At least IMHO.

Watchdog support is a robustness thing, not a security thing. If a
process wants to fake watchdog wakeups it can do so easily, by careful
programming (just run a thread that keeps pinging the parent).

Also, we already have NotifyAccess=, which I think is enough. I am not
convinced we need any additional security logic here. If notify support
is on, then the watchdog stuff should be accessible really in full.

Lennart

--
Lennart Poettering, Red Hat