From e48f3137c06d652ffb71f22abe7dadbb6941a394 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 21 Jun 2024 10:07:55 +0200 Subject: [PATCH 1/2] libpod: fix comment Signed-off-by: Giuseppe Scrivano --- libpod/container_config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpod/container_config.go b/libpod/container_config.go index 262a4befa0..8c4e0176c5 100644 --- a/libpod/container_config.go +++ b/libpod/container_config.go @@ -349,7 +349,7 @@ type ContainerMiscConfig struct { Labels map[string]string `json:"labels,omitempty"` // StopSignal is the signal that will be used to stop the container StopSignal uint `json:"stopSignal,omitempty"` - // StopTimeout is the signal that will be used to stop the container + // StopTimeout is maximum time a container is allowed to run after getting the stop signal StopTimeout uint `json:"stopTimeout,omitempty"` // Timeout is maximum time a container will run before getting the kill signal Timeout uint `json:"timeout,omitempty"` From 7d22f04f5692386f951d50150454c95cc8d795f1 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 21 Jun 2024 10:14:06 +0200 Subject: [PATCH 2/2] container: pass KillSignal and StopTimeout to the systemd scope so that they are honored when systemd terminates the scope. Closes: https://issues.redhat.com/browse/RHEL-16375 Signed-off-by: Giuseppe Scrivano --- libpod/container_internal_common.go | 9 +++++++++ test/system/250-systemd.bats | 17 +++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go index 70f6f741f5..55c382d3da 100644 --- a/libpod/container_internal_common.go +++ b/libpod/container_internal_common.go @@ -568,6 +568,15 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc g.SetRootPath(c.state.Mountpoint) g.AddAnnotation("org.opencontainers.image.stopSignal", strconv.FormatUint(uint64(c.config.StopSignal), 10)) + if c.config.StopSignal != 0 { + g.AddAnnotation("org.systemd.property.KillSignal", strconv.FormatUint(uint64(c.config.StopSignal), 10)) + } + + if c.config.StopTimeout != 0 { + annotation := fmt.Sprintf("uint64 %d", c.config.StopTimeout*1000000) // sec to usec + g.AddAnnotation("org.systemd.property.TimeoutStopUSec", annotation) + } + if _, exists := g.Config.Annotations[annotations.ContainerManager]; !exists { g.AddAnnotation(annotations.ContainerManager, annotations.ContainerManagerLibpod) } diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 8dbc05f212..044a8ae9cd 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -497,4 +497,21 @@ $name stderr" "logs work with passthrough" is "$output" ".*\[DEPRECATED\] Generate systemd units" run_podman rm test } + +@test "podman passes down the KillSignal and StopTimeout setting" { + ctr=systemd_test_$(random_string 5) + + run_podman run -d --name $ctr --stop-signal 5 --stop-timeout 7 --rm $IMAGE top + run_podman inspect $ctr --format '{{ .Id }}' + id="$output" + + run systemctl show -p TimeoutStopUSec "libpod-${id}.scope" + assert "$output" == "TimeoutStopUSec=7s" + + run systemctl show -p KillSignal "libpod-${id}.scope" + assert "$output" == "KillSignal=5" + + # Clean up + run_podman rm -t 0 -f $ctr +} # vim: filetype=sh