Add support for StopSignal in quadlet .container files

Fixes: containers#23050 Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan · Jul 22, 2024 · 0ecd6fa · 0ecd6fa
1 parent 003527f
commit 0ecd6fa
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 0 deletions.
diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md
@@ -306,6 +306,7 @@ Valid options for `[Container]` are listed below:
 | SecurityLabelNested=true             | --security-opt label=nested                          |
 | SecurityLabelType=spc_t              | --security-opt label=type:spc_t                      |
 | ShmSize=100m                         | --shm-size=100m                                      |
+| StopSignal=SIGINT                    | --stop-signal=SIGINT                                 |
 | StopTimeout=20                       | --stop-timeout=20                                    |
 | SubGIDMap=gtest                      | --subgidname=gtest                                   |
 | SubUIDMap=utest                      | --subuidname=utest                                   |
@@ -731,6 +732,12 @@ Size of /dev/shm.
 
 This is equivalent to the Podman `--shm-size` option and generally has the form `number[unit]`
 
+### `StopSignal=`
+
+Signal to stop a container. Default is **SIGTERM**.
+
+This is equivalent to the Podman `--stop-signal` option
+
 ### `StopTimeout=`
 
 Seconds to wait before forcibly stopping the container.

diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go
@@ -143,6 +143,7 @@ const (
 	KeySecurityLabelType     = "SecurityLabelType"
 	KeySetWorkingDirectory   = "SetWorkingDirectory"
 	KeyShmSize               = "ShmSize"
+	KeyStopSignal            = "StopSignal"
 	KeyStopTimeout           = "StopTimeout"
 	KeySubGIDMap             = "SubGIDMap"
 	KeySubnet                = "Subnet"
@@ -242,6 +243,7 @@ var (
 		KeySecurityLabelNested:   true,
 		KeySecurityLabelType:     true,
 		KeyShmSize:               true,
+		KeyStopSignal:            true,
 		KeyStopTimeout:           true,
 		KeySubGIDMap:             true,
 		KeySubUIDMap:             true,
@@ -843,6 +845,10 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse
 		return nil, err
 	}
 
+	if stopSignal, ok := container.Lookup(ContainerGroup, KeyStopSignal); ok && len(stopSignal) > 0 {
+		podman.add("--stop-signal", stopSignal)
+	}
+
 	if stopTimeout, ok := container.Lookup(ContainerGroup, KeyStopTimeout); ok && len(stopTimeout) > 0 {
 		podman.add("--stop-timeout", stopTimeout)
 	}

diff --git a/test/e2e/quadlet/stopsignal.container b/test/e2e/quadlet/stopsignal.container
@@ -0,0 +1,5 @@
+## assert-podman-args "--stop-signal" "SIGKILL"
+
+[Container]
+Image=localhost/imagename
+StopSignal=SIGKILL
diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go
@@ -854,6 +854,7 @@ BOGUS=foo
 		Entry("selinux.container", "selinux.container", 0, ""),
 		Entry("shmsize.container", "shmsize.container", 0, ""),
 		Entry("shortname.container", "shortname.container", 0, "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."),
+		Entry("stopsigal.container", "stopsignal.container", 0, ""),
 		Entry("stoptimeout.container", "stoptimeout.container", 0, ""),
 		Entry("subidmapping.container", "subidmapping.container", 0, ""),
 		Entry("subidmapping-with-remap.container", "subidmapping-with-remap.container", 1, "converting \"subidmapping-with-remap.container\": deprecated Remap keys are set along with explicit mapping keys"),