Add podman run --timeout option

This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.

Fixes: https://github.com/containers/podman/issues/6412

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

5 files changed, 25 insertions, 0 deletions

diff --git a/libpod/container_config.go b/libpod/container_config.go
index e6c3be1bd..379e17285 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -298,6 +298,8 @@ type ContainerMiscConfig struct {
 	StopSignal uint `json:"stopSignal,omitempty"`
 	// StopTimeout is the signal that will be used to stop the container
 	StopTimeout uint `json:"stopTimeout,omitempty"`
+	// Timeout is maximimum time a container will run before getting the kill signal
+	Timeout uint `json:"timeout,omitempty"`
 	// Time container was created
 	CreatedTime time.Time `json:"createdTime"`
 	// CgroupManager is the cgroup manager used to create this container.
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 61cc43314..5b2103c92 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -304,6 +304,8 @@ func (c *Container) generateInspectContainerConfig(spec *spec.Spec) *define.Insp
 		ctrConfig.WorkingDir = spec.Process.Cwd
 	}
 
+	ctrConfig.StopTimeout = c.config.StopTimeout
+	ctrConfig.Timeout = c.config.Timeout
 	ctrConfig.OpenStdin = c.config.Stdin
 	ctrConfig.Image = c.config.RootfsImageName
 	ctrConfig.SystemdMode = c.config.Systemd
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index 1a38f5b0a..c236f35b0 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -64,6 +64,10 @@ type InspectContainerConfig struct {
 	Umask string `json:"Umask,omitempty"`
 	// Secrets are the secrets mounted in the container
 	Secrets []*InspectSecret `json:"Secrets,omitempty"`
+	// Timeout is time before container is killed by conmon
+	Timeout uint `json:"Timeout"`
+	// StopTimeout is time before container is stoped when calling stop
+	StopTimeout uint `json:"StopTimeout"`
 }
 
 // InspectRestartPolicy holds information about the container's restart policy.
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index c1acec977..1b1d4ad59 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1024,6 +1024,10 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co
 		args = append(args, "-i")
 	}
 
+	if ctr.config.Timeout > 0 {
+		args = append(args, fmt.Sprintf("--timeout=%d", ctr.config.Timeout))
+	}
+
 	if !r.enableKeyring {
 		args = append(args, "--no-new-keyring")
 	}
diff --git a/libpod/options.go b/libpod/options.go
index 5cd0f7b88..c5c23ee16 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -758,6 +758,19 @@ func WithStopTimeout(timeout uint) CtrCreateOption {
 	}
 }
 
+// WithTimeout sets the maximum time a container is allowed to run"
+func WithTimeout(timeout uint) CtrCreateOption {
+	return func(ctr *Container) error {
+		if ctr.valid {
+			return define.ErrCtrFinalized
+		}
+
+		ctr.config.Timeout = timeout
+
+		return nil
+	}
+}
+
 // WithIDMappings sets the idmappings for the container
 func WithIDMappings(idmappings storage.IDMappingOptions) CtrCreateOption {
 	return func(ctr *Container) error {