From 0ecd6fa59fd03d98fd20ebae80793d8ec7aa1187 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 21 Jul 2024 06:08:00 -0400 Subject: [PATCH] Add support for StopSignal in quadlet .container files Fixes: https://github.com/containers/podman/issues/23050 Signed-off-by: Daniel J Walsh --- docs/source/markdown/podman-systemd.unit.5.md | 7 +++++++ pkg/systemd/quadlet/quadlet.go | 6 ++++++ test/e2e/quadlet/stopsignal.container | 5 +++++ test/e2e/quadlet_test.go | 1 + 4 files changed, 19 insertions(+) create mode 100644 test/e2e/quadlet/stopsignal.container diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md index 21e3bb2c27..81dd92c1e1 100644 --- a/docs/source/markdown/podman-systemd.unit.5.md +++ b/docs/source/markdown/podman-systemd.unit.5.md @@ -306,6 +306,7 @@ Valid options for `[Container]` are listed below: | SecurityLabelNested=true | --security-opt label=nested | | SecurityLabelType=spc_t | --security-opt label=type:spc_t | | ShmSize=100m | --shm-size=100m | +| StopSignal=SIGINT | --stop-signal=SIGINT | | StopTimeout=20 | --stop-timeout=20 | | SubGIDMap=gtest | --subgidname=gtest | | SubUIDMap=utest | --subuidname=utest | @@ -731,6 +732,12 @@ Size of /dev/shm. This is equivalent to the Podman `--shm-size` option and generally has the form `number[unit]` +### `StopSignal=` + +Signal to stop a container. Default is **SIGTERM**. + +This is equivalent to the Podman `--stop-signal` option + ### `StopTimeout=` Seconds to wait before forcibly stopping the container. diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go index 98b0221d3a..c21ec2a151 100644 --- a/pkg/systemd/quadlet/quadlet.go +++ b/pkg/systemd/quadlet/quadlet.go @@ -143,6 +143,7 @@ const ( KeySecurityLabelType = "SecurityLabelType" KeySetWorkingDirectory = "SetWorkingDirectory" KeyShmSize = "ShmSize" + KeyStopSignal = "StopSignal" KeyStopTimeout = "StopTimeout" KeySubGIDMap = "SubGIDMap" KeySubnet = "Subnet" @@ -242,6 +243,7 @@ var ( KeySecurityLabelNested: true, KeySecurityLabelType: true, KeyShmSize: true, + KeyStopSignal: true, KeyStopTimeout: true, KeySubGIDMap: true, KeySubUIDMap: true, @@ -843,6 +845,10 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse return nil, err } + if stopSignal, ok := container.Lookup(ContainerGroup, KeyStopSignal); ok && len(stopSignal) > 0 { + podman.add("--stop-signal", stopSignal) + } + if stopTimeout, ok := container.Lookup(ContainerGroup, KeyStopTimeout); ok && len(stopTimeout) > 0 { podman.add("--stop-timeout", stopTimeout) } diff --git a/test/e2e/quadlet/stopsignal.container b/test/e2e/quadlet/stopsignal.container new file mode 100644 index 0000000000..b48d8cda9d --- /dev/null +++ b/test/e2e/quadlet/stopsignal.container @@ -0,0 +1,5 @@ +## assert-podman-args "--stop-signal" "SIGKILL" + +[Container] +Image=localhost/imagename +StopSignal=SIGKILL diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go index 1d3b4b7644..7ba4e6269b 100644 --- a/test/e2e/quadlet_test.go +++ b/test/e2e/quadlet_test.go @@ -854,6 +854,7 @@ BOGUS=foo Entry("selinux.container", "selinux.container", 0, ""), Entry("shmsize.container", "shmsize.container", 0, ""), Entry("shortname.container", "shortname.container", 0, "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."), + Entry("stopsigal.container", "stopsignal.container", 0, ""), Entry("stoptimeout.container", "stoptimeout.container", 0, ""), Entry("subidmapping.container", "subidmapping.container", 0, ""), Entry("subidmapping-with-remap.container", "subidmapping-with-remap.container", 1, "converting \"subidmapping-with-remap.container\": deprecated Remap keys are set along with explicit mapping keys"),