Using `Also=` means that the target unit will also be
installed/uninstalled together with our unit. Doing
`Also=multi-user.target` essentially says: disable `multi-user.target`
if `io.podman.socket` is disabled, which sounds... not at all like
what we want.
In practice, systemd thankfully ignores this (likely because it's the
default target). I think having `Also=io.podman.socket` in the
`io.podman.service` already does what we want here: it gets installed
under `sockets.target` whenever the service is. (And the fact that
systemd ignored this means that it wasn't actually playing a role in
resolving #3998.)
This was causing `systemctl preset-all` to dump core in Fedora CoreOS:
https://github.com/coreos/fedora-coreos-tracker/issues/290
(Likely there's a systemd bug around here too.)
Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
When enabled, it's desired for the podman-varlink process to startup on
boot or upon socket-activation, whichever happens first. However,
with `KillMode=none` systemd will never kill any podman-varlink
processes. This makes it easily possible for multiple podman-varlink
processes to be running, and fight each other to service a single socket.
---
For example:
Prior to this commit, this will result in four podman-varlink processes
being run:
```
systemctl enable io.podman.socket
systemctl enable io.podman.service
systemctl start io.podman.socket
systemctl start io.podman.service
systemctl start io.podman.service
```
Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default
is 90). This results in podman-varlink exiting on its own after a minute
of being idle (--timeout=60000). Alternatively, systemd will manage the
service stop by sending a SIGTERM, then if podman-varlink has not exited
within `TimeoutStopSec`, a SIGKILL will be sent.
Signed-off-by: Chris Evich <cevich@redhat.com>
This enables user to interact with varlink and create/manage rootless
containers through it.
Using as:
`varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers`
Signed-off-by: Matej Marusak <mmarusak@redhat.com>
We only want root to be allowed to access this socket.
Also move socket to /run/podman directory. This requires
us to drop a podman.conf tmpfiles.d file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #806
Approved by: mheon
The struct of the varlink command changed to accept a URI
as input. This was never updated in the service file
Signed-off-by: baude <bbaude@redhat.com>
Closes: #691
Approved by: mheon
