aboutsummaryrefslogtreecommitdiff
path: root/contrib/varlink
Commit message (Collapse)AuthorAge
* Use /tmp/podman-run-* for backup XDG_RUNTIME_DIRDaniel J Walsh2020-11-04
| | | | | | | We need to block systemd from cleaning up this directory by dropping a /usr/lib/tmpfiles.d/podman.conf file in place. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Revert "Change Varlink systemd unit to use `system service`"Matthew Heon2020-06-16
| | | | | | | | | | | | | | This reverts commit 1bc992bfc3a983b4d9ab53f778a545d83bcde94d. We originally thought `podman varlink` was entirely removed, but that was not true. We originally thought that `podman system service --varlink` worked the same as `podman varlink` but that was also not true. `system service` is broken when used under systemd units, and `podman varlink` still exists and works. Revert the change to `podman system service` to fix socket-activated Varlink under systemd. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Change Varlink systemd unit to use `system service`Matthew Heon2020-06-15
| | | | | | | | | | | We completely removed `podman varlink`, which broke the systemd unit file used by the Varlink code. Change that to use the new `podman system service --varlink` command which replaced it. Also needs a slight reorder of args to make things work happily on my system. Signed-off-by: Matthew Heon <mheon@redhat.com>
* io.podman.socket: drop Also=multi-user.targetJonathan Lebon2019-10-08
| | | | | | | | | | | | | | | | | | | | | | Using `Also=` means that the target unit will also be installed/uninstalled together with our unit. Doing `Also=multi-user.target` essentially says: disable `multi-user.target` if `io.podman.socket` is disabled, which sounds... not at all like what we want. In practice, systemd thankfully ignores this (likely because it's the default target). I think having `Also=io.podman.socket` in the `io.podman.service` already does what we want here: it gets installed under `sockets.target` whenever the service is. (And the fact that systemd ignored this means that it wasn't actually playing a role in resolving #3998.) This was causing `systemctl preset-all` to dump core in Fedora CoreOS: https://github.com/coreos/fedora-coreos-tracker/issues/290 (Likely there's a systemd bug around here too.) Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
* Prevent podman varlink socket fightChris Evich2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When enabled, it's desired for the podman-varlink process to startup on boot or upon socket-activation, whichever happens first. However, with `KillMode=none` systemd will never kill any podman-varlink processes. This makes it easily possible for multiple podman-varlink processes to be running, and fight each other to service a single socket. --- For example: Prior to this commit, this will result in four podman-varlink processes being run: ``` systemctl enable io.podman.socket systemctl enable io.podman.service systemctl start io.podman.socket systemctl start io.podman.service systemctl start io.podman.service ``` Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default is 90). This results in podman-varlink exiting on its own after a minute of being idle (--timeout=60000). Alternatively, systemd will manage the service stop by sending a SIGTERM, then if podman-varlink has not exited within `TimeoutStopSec`, a SIGKILL will be sent. Signed-off-by: Chris Evich <cevich@redhat.com>
* Add user systemd service and socketMatej Marusak2019-08-13
| | | | | | | | | | This enables user to interact with varlink and create/manage rootless containers through it. Using as: `varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers` Signed-off-by: Matej Marusak <mmarusak@redhat.com>
* Rename varlink socket and interfacebaude2018-08-06
| | | | | | | | | io.projectatomic.podman -> io.podman Signed-off-by: baude <bbaude@redhat.com> Closes: #1204 Approved by: mheon
* Tighten the security on the podman varlink socketDaniel J Walsh2018-05-19
| | | | | | | | | | | We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #806 Approved by: mheon
* correct varlink command in service filebaude2018-04-30
| | | | | | | | | | The struct of the varlink command changed to accept a URI as input. This was never updated in the service file Signed-off-by: baude <bbaude@redhat.com> Closes: #691 Approved by: mheon
* Initial varlink implementationbaude2018-04-23
Signed-off-by: baude <bbaude@redhat.com> Closes: #627 Approved by: mheon