path: root/contrib/varlink
Commit message | Author | Age
* io.podman.socket: drop Also=multi-user.target | Jonathan Lebon | 2019-10-08

  Using `Also=` means that the target unit will also be installed/uninstalled together with our unit. Doing `Also=multi-user.target` essentially says: disable `multi-user.target` if `io.podman.socket` is disabled, which sounds... not at all like what we want. In practice, systemd thankfully ignores this (likely because it's the default target).

  I think having `Also=io.podman.socket` in the `io.podman.service` already does what we want here: it gets installed under `sockets.target` whenever the service is. (And the fact that systemd ignored this means that it wasn't actually playing a role in resolving #3998.)

  This was causing `systemctl preset-all` to dump core in Fedora CoreOS: https://github.com/coreos/fedora-coreos-tracker/issues/290

  (Likely there's a systemd bug around here too.)

  Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>

* Prevent podman varlink socket fight | Chris Evich | 2019-09-12

  When enabled, it's desired for the podman-varlink process to startup on boot or upon socket-activation, whichever happens first. However, with `KillMode=none` systemd will never kill any podman-varlink processes. This makes it easily possible for multiple podman-varlink processes to be running, and fight each other to service a single socket.

  ---

  For example: Prior to this commit, this will result in four podman-varlink processes being run:

  ```
  systemctl enable io.podman.socket
  systemctl enable io.podman.service
  systemctl start io.podman.socket
  systemctl start io.podman.service
  systemctl start io.podman.service
  ```

  Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default is 90). This results in podman-varlink exiting on its own after a minute of being idle (--timeout=60000). Alternatively, systemd will manage the service stop by sending a SIGTERM, then if podman-varlink has not exited within `TimeoutStopSec`, a SIGKILL will be sent.

  Signed-off-by: Chris Evich <cevich@redhat.com>

* Add user systemd service and socket | Matej Marusak | 2019-08-13

  This enables user to interact with varlink and create/manage rootless containers through it.

  Using as: `varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers`

  Signed-off-by: Matej Marusak <mmarusak@redhat.com>

* Rename varlink socket and interface | baude | 2018-08-06

  io.projectatomic.podman -> io.podman

  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #1204
  Approved by: mheon

* Tighten the security on the podman varlink socket | Daniel J Walsh | 2018-05-19

  We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file.

  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
  Closes: #806
  Approved by: mheon

* correct varlink command in service file | baude | 2018-04-30

  The struct of the varlink command changed to accept a URI as input. This was never updated in the service file

  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #691
  Approved by: mheon

* Initial varlink implementation | baude | 2018-04-23

  Signed-off-by: baude <bbaude@redhat.com>
  Closes: #627
  Approved by: mheon