From b5a672576ad12fb35e592a0c5fc9b2c710b45fbc Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Fri, 12 Jan 2024 18:44:43 +0000
Subject: T5925: Containers change systemd KillMode

By default we use KillMode `none` for containers, and systemd warns about it:

Unit uses KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update the
service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.

(cherry picked from commit 4c71c46cbb840167708e75e902de5bfc9e31a03e)
---
 data/templates/container/systemd-unit.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'data')

diff --git a/data/templates/container/systemd-unit.j2 b/data/templates/container/systemd-unit.j2
index fa48384ab..d379f0a07 100644
--- a/data/templates/container/systemd-unit.j2
+++ b/data/templates/container/systemd-unit.j2
@@ -13,5 +13,5 @@ ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n.cid -t 5
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n.cid
 ExecStopPost=/bin/rm -f %t/%n.cid
 PIDFile=%t/%n.pid
-KillMode=none
+KillMode=control-group
 Type=forking
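Review bot: The new `KillMode=control-group` line carries no comment saying why it was chosen over `mixed`, the other mode named in the warning quoted in the commit message, and the choice affects the stop path visible in this hunk. With `control-group`, systemd signals every process still in the unit's cgroup once `ExecStop` (`podman stop ... -t 5`) has returned, so whether the container's own processes are covered depends on which cgroup podman places them in. The `ExecStart` line is outside this hunk, so that cannot be confirmed from here. I would add a line above the setting such as `# control-group: systemd reaps whatever is left in the unit cgroup after podman stop (KillMode=none is deprecated)`. It is also worth checking on a running container that nothing outlives a stop, because a leftover process keeps its network and mount access after the unit is reported inactive.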
-- 
cgit v1.2.3