diff options
author | Chris Evich <cevich@redhat.com> | 2019-09-11 15:51:15 -0400 |
---|---|---|
committer | Chris Evich <cevich@redhat.com> | 2019-09-12 11:21:20 -0400 |
commit | 9be2a6f908ee80c7410cb0c3121359d87f366f28 (patch) | |
tree | d4cc44a795b60fa5667817f754ea49a33ffc0c12 /contrib | |
parent | afa3d11381eb23820c653c44d3d249041bc6a833 (diff) | |
download | podman-9be2a6f908ee80c7410cb0c3121359d87f366f28.tar.gz podman-9be2a6f908ee80c7410cb0c3121359d87f366f28.tar.bz2 podman-9be2a6f908ee80c7410cb0c3121359d87f366f28.zip |
Prevent podman varlink socket fight
When enabled, it's desired for the podman-varlink process to startup on
boot or upon socket-activation, whichever happens first. However,
with `KillMode=none` systemd will never kill any podman-varlink
processes. This makes it easily possible for multiple podman-varlink
processes to be running, and fight each other to service a single socket.
---
For example:
Prior to this commit, this will result in four podman-varlink processes
being run:
```
systemctl enable io.podman.socket
systemctl enable io.podman.service
systemctl start io.podman.socket
systemctl start io.podman.service
systemctl start io.podman.service
```
Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default
is 90). This results in podman-varlink exiting on its own after a minute
of being idle (--timeout=60000). Alternatively, systemd will manage the
service stop by sending a SIGTERM, then if podman-varlink has not exited
within `TimeoutStopSec`, a SIGKILL will be sent.
Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/varlink/io.podman.service | 5 | ||||
-rw-r--r-- | contrib/varlink/io.podman.socket | 1 |
2 files changed, 4 insertions, 2 deletions
diff --git a/contrib/varlink/io.podman.service b/contrib/varlink/io.podman.service index 725198e79..5be5329f4 100644 --- a/contrib/varlink/io.podman.service +++ b/contrib/varlink/io.podman.service @@ -6,8 +6,9 @@ Documentation=man:podman-varlink(1) [Service] Type=simple -ExecStart=/usr/bin/podman varlink unix:%t/podman/io.podman -KillMode=none +ExecStart=/usr/bin/podman varlink unix:%t/podman/io.podman --timeout=60000 +TimeoutStopSec=30 +KillMode=process [Install] WantedBy=multi-user.target diff --git a/contrib/varlink/io.podman.socket b/contrib/varlink/io.podman.socket index f6a3ddc49..629a5dd20 100644 --- a/contrib/varlink/io.podman.socket +++ b/contrib/varlink/io.podman.socket @@ -8,3 +8,4 @@ SocketMode=0600 [Install] WantedBy=sockets.target +Also=multi-user.target |