container: pass KillSignal and StopTimeout to the systemd scope

so that they are honored when systemd terminates the scope. Closes: https://issues.redhat.com/browse/RHEL-16375 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-06-21 10:14:06 +02:00 · 2024-06-21 10:14:06 +02:00 · 7d22f04f56
parent e48f3137c0
commit 7d22f04f56
2 changed files with 26 additions and 0 deletions
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@ -568,6 +568,15 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
 	g.SetRootPath(c.state.Mountpoint)
 	g.AddAnnotation("org.opencontainers.image.stopSignal", strconv.FormatUint(uint64(c.config.StopSignal), 10))

+	if c.config.StopSignal != 0 {
+		g.AddAnnotation("org.systemd.property.KillSignal", strconv.FormatUint(uint64(c.config.StopSignal), 10))
+	}
+
+	if c.config.StopTimeout != 0 {
+		annotation := fmt.Sprintf("uint64 %d", c.config.StopTimeout*1000000) // sec to usec
+		g.AddAnnotation("org.systemd.property.TimeoutStopUSec", annotation)
+	}
+
 	if _, exists := g.Config.Annotations[annotations.ContainerManager]; !exists {
 		g.AddAnnotation(annotations.ContainerManager, annotations.ContainerManagerLibpod)
 	}
--- a/test/system/250-systemd.bats
+++ b/test/system/250-systemd.bats
@ -497,4 +497,21 @@ $name stderr" "logs work with passthrough"
    is "$output" ".*\[DEPRECATED\] Generate systemd units"
    run_podman rm test
 }
+
+@test "podman passes down the KillSignal and StopTimeout setting" {
+    ctr=systemd_test_$(random_string 5)
+
+    run_podman run -d --name $ctr --stop-signal 5 --stop-timeout 7 --rm $IMAGE top
+    run_podman inspect $ctr --format '{{ .Id }}'
+    id="$output"
+
+    run systemctl show -p TimeoutStopUSec "libpod-${id}.scope"
+    assert "$output" == "TimeoutStopUSec=7s"
+
+    run systemctl show -p KillSignal "libpod-${id}.scope"
+    assert "$output" == "KillSignal=5"
+
+    # Clean up
+    run_podman rm -t 0 -f $ctr
+}
 # vim: filetype=sh