Prevent podman varlink socket fight

When enabled, it's desired for the podman-varlink process to startup on boot or upon socket-activation, whichever happens first. However, with `KillMode=none` systemd will never kill any podman-varlink processes. This makes it easily possible for multiple podman-varlink processes to be running, and fight each other to service a single socket. --- For example: Prior to this commit, this will result in four podman-varlink processes being run: ``` systemctl enable io.podman.socket systemctl enable io.podman.service systemctl start io.podman.socket systemctl start io.podman.service systemctl start io.podman.service ``` Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default is 90). This results in podman-varlink exiting on its own after a minute of being idle (--timeout=60000). Alternatively, systemd will manage the service stop by sending a SIGTERM, then if podman-varlink has not exited within `TimeoutStopSec`, a SIGKILL will be sent. Signed-off-by: Chris Evich <cevich@redhat.com>
containers · Sep 12, 2019 · 9be2a6f · 9be2a6f
1 parent afa3d11
commit 9be2a6f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/contrib/varlink/io.podman.service b/contrib/varlink/io.podman.service
@@ -6,8 +6,9 @@ Documentation=man:podman-varlink(1)
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/podman varlink unix:%t/podman/io.podman
-KillMode=none
+ExecStart=/usr/bin/podman varlink unix:%t/podman/io.podman --timeout=60000
+TimeoutStopSec=30
+KillMode=process
 
 [Install]
 WantedBy=multi-user.target

diff --git a/contrib/varlink/io.podman.socket b/contrib/varlink/io.podman.socket
@@ -8,3 +8,4 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=multi-user.target