Add support for StopSignal in quadlet .container files

Fixes: https://github.com/containers/podman/issues/23050 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-05-17 23:26:08 +08:00 · 2024-07-21 06:08:00 -04:00
parent 003527fedc
commit 0ecd6fa59f
4 changed files with 19 additions and 0 deletions
--- a/docs/source/markdown/podman-systemd.unit.5.md
+++ b/docs/source/markdown/podman-systemd.unit.5.md
@ -306,6 +306,7 @@ Valid options for `[Container]` are listed below:
 | SecurityLabelNested=true             | --security-opt label=nested                          |
 | SecurityLabelType=spc_t              | --security-opt label=type:spc_t                      |
 | ShmSize=100m                         | --shm-size=100m                                      |
+| StopSignal=SIGINT                    | --stop-signal=SIGINT                                 |
 | StopTimeout=20                       | --stop-timeout=20                                    |
 | SubGIDMap=gtest                      | --subgidname=gtest                                   |
 | SubUIDMap=utest                      | --subuidname=utest                                   |
@ -731,6 +732,12 @@ Size of /dev/shm.

 This is equivalent to the Podman `--shm-size` option and generally has the form `number[unit]`

+### `StopSignal=`
+
+Signal to stop a container. Default is **SIGTERM**.
+
+This is equivalent to the Podman `--stop-signal` option
+
 ### `StopTimeout=`

 Seconds to wait before forcibly stopping the container.
--- a/pkg/systemd/quadlet/quadlet.go
+++ b/pkg/systemd/quadlet/quadlet.go
@ -143,6 +143,7 @@ const (
 	KeySecurityLabelType     = "SecurityLabelType"
 	KeySetWorkingDirectory   = "SetWorkingDirectory"
 	KeyShmSize               = "ShmSize"
+	KeyStopSignal            = "StopSignal"
 	KeyStopTimeout           = "StopTimeout"
 	KeySubGIDMap             = "SubGIDMap"
 	KeySubnet                = "Subnet"
@ -242,6 +243,7 @@ var (
 		KeySecurityLabelNested:   true,
 		KeySecurityLabelType:     true,
 		KeyShmSize:               true,
+		KeyStopSignal:            true,
 		KeyStopTimeout:           true,
 		KeySubGIDMap:             true,
 		KeySubUIDMap:             true,
@ -843,6 +845,10 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse
 		return nil, err
 	}

+	if stopSignal, ok := container.Lookup(ContainerGroup, KeyStopSignal); ok && len(stopSignal) > 0 {
+		podman.add("--stop-signal", stopSignal)
+	}
+
 	if stopTimeout, ok := container.Lookup(ContainerGroup, KeyStopTimeout); ok && len(stopTimeout) > 0 {
 		podman.add("--stop-timeout", stopTimeout)
 	}
--- a/test/e2e/quadlet/stopsignal.container
+++ b/test/e2e/quadlet/stopsignal.container
@ -0,0 +1,5 @@
+## assert-podman-args "--stop-signal" "SIGKILL"
+
+[Container]
+Image=localhost/imagename
+StopSignal=SIGKILL
--- a/test/e2e/quadlet_test.go
+++ b/test/e2e/quadlet_test.go
@ -854,6 +854,7 @@ BOGUS=foo
 		Entry("selinux.container", "selinux.container", 0, ""),
 		Entry("shmsize.container", "shmsize.container", 0, ""),
 		Entry("shortname.container", "shortname.container", 0, "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."),
+		Entry("stopsigal.container", "stopsignal.container", 0, ""),
 		Entry("stoptimeout.container", "stoptimeout.container", 0, ""),
 		Entry("subidmapping.container", "subidmapping.container", 0, ""),
 		Entry("subidmapping-with-remap.container", "subidmapping-with-remap.container", 1, "converting \"subidmapping-with-remap.container\": deprecated Remap keys are set along with explicit mapping keys"),