summaryrefslogtreecommitdiff
path: root/contrib/varlink
Commit message (Collapse)AuthorAge
* Prevent podman varlink socket fightChris Evich2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When enabled, it's desired for the podman-varlink process to startup on boot or upon socket-activation, whichever happens first. However, with `KillMode=none` systemd will never kill any podman-varlink processes. This makes it easily possible for multiple podman-varlink processes to be running, and fight each other to service a single socket. --- For example: Prior to this commit, this will result in four podman-varlink processes being run: ``` systemctl enable io.podman.socket systemctl enable io.podman.service systemctl start io.podman.socket systemctl start io.podman.service systemctl start io.podman.service ``` Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default is 90). This results in podman-varlink exiting on its own after a minute of being idle (--timeout=60000). Alternatively, systemd will manage the service stop by sending a SIGTERM, then if podman-varlink has not exited within `TimeoutStopSec`, a SIGKILL will be sent. Signed-off-by: Chris Evich <cevich@redhat.com>
* Add user systemd service and socketMatej Marusak2019-08-13
| | | | | | | | | | This enables user to interact with varlink and create/manage rootless containers through it. Using as: `varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers` Signed-off-by: Matej Marusak <mmarusak@redhat.com>
* Rename varlink socket and interfacebaude2018-08-06
| | | | | | | | | io.projectatomic.podman -> io.podman Signed-off-by: baude <bbaude@redhat.com> Closes: #1204 Approved by: mheon
* Tighten the security on the podman varlink socketDaniel J Walsh2018-05-19
| | | | | | | | | | | We only want root to be allowed to access this socket. Also move socket to /run/podman directory. This requires us to drop a podman.conf tmpfiles.d file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #806 Approved by: mheon
* correct varlink command in service filebaude2018-04-30
| | | | | | | | | | The struct of the varlink command changed to accept a URI as input. This was never updated in the service file Signed-off-by: baude <bbaude@redhat.com> Closes: #691 Approved by: mheon
* Initial varlink implementationbaude2018-04-23
Signed-off-by: baude <bbaude@redhat.com> Closes: #627 Approved by: mheon
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-10-28 12:24:51 +0000