path: root/data/templates/container/systemd-unit.j2
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2024-01-12 18:44:43 +0000
committer: Mergify <37929162+mergify[bot]@users.noreply.github.com> 2024-01-12 19:22:29 +0000
commit: b5a672576ad12fb35e592a0c5fc9b2c710b45fbc
tree: 9c8cb2ad30062bd2a1ea82853909339f108f1f4f /data/templates/container/systemd-unit.j2
parent: 87cf581bff3c10a0364af6143fbb7c5f41edf166
T5925: Containers change systemd KillMode
By default we use mode `none` for containers

Unit uses KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.

(cherry picked from commit 4c71c46cbb840167708e75e902de5bfc9e31a03e)
Diffstat (limited to 'data/templates/container/systemd-unit.j2')
-rw-r--r-- data/templates/container/systemd-unit.j2 2
1 files changed, 1 insertions, 1 deletions
diff --git a/data/templates/container/systemd-unit.j2 b/data/templates/container/systemd-unit.j2
index fa48384ab..d379f0a07 100644
--- a/data/templates/container/systemd-unit.j2
+++ b/data/templates/container/systemd-unit.j2
@@ -13,5 +13,5 @@ ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n.cid -t 5
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n.cid
ExecStopPost=/bin/rm -f %t/%n.cid
PIDFile=%t/%n.pid
-KillMode=none
+KillMode=control-group
Type=forking
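Review bot: the commit message does not say why `control-group` was picked over `mixed` on the `KillMode=` line, and the two behave differently at stop time. With `control-group`, once the `ExecStop=` command (`podman stop ... -t 5`) returns, systemd sends the kill signal to every process still in the unit's control group and follows up with SIGKILL after the stop timeout; with `mixed`, only the main process (tracked here through `PIDFile=%t/%n.pid` under `Type=forking`) gets the first signal and the rest are only SIGKILLed. Please record the reason for the choice in the commit message or as a template comment, and confirm that a container which needs the full 5 seconds of `podman stop` still shuts down cleanly and that the `ExecStopPost=` cleanup of `%t/%n.cid` still succeeds after systemd has reaped the group.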