From 7d22f04f5692386f951d50150454c95cc8d795f1 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 21 Jun 2024 10:14:06 +0200
Subject: [PATCH] container: pass KillSignal and StopTimeout to the systemd
 scope

so that they are honored when systemd terminates the scope.

Closes: https://issues.redhat.com/browse/RHEL-16375

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/container_internal_common.go |  9 +++++++++
 test/system/250-systemd.bats        | 17 +++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index 70f6f741f5..55c382d3da 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -568,6 +568,15 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
 	g.SetRootPath(c.state.Mountpoint)
 	g.AddAnnotation("org.opencontainers.image.stopSignal", strconv.FormatUint(uint64(c.config.StopSignal), 10))
 
+	if c.config.StopSignal != 0 {
+		g.AddAnnotation("org.systemd.property.KillSignal", strconv.FormatUint(uint64(c.config.StopSignal), 10))
+	}
+
+	if c.config.StopTimeout != 0 {
+		annotation := fmt.Sprintf("uint64 %d", c.config.StopTimeout*1000000) // sec to usec
+		g.AddAnnotation("org.systemd.property.TimeoutStopUSec", annotation)
+	}
+
 	if _, exists := g.Config.Annotations[annotations.ContainerManager]; !exists {
 		g.AddAnnotation(annotations.ContainerManager, annotations.ContainerManagerLibpod)
 	}
diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats
index 8dbc05f212..044a8ae9cd 100644
--- a/test/system/250-systemd.bats
+++ b/test/system/250-systemd.bats
@@ -497,4 +497,21 @@ $name stderr" "logs work with passthrough"
     is "$output" ".*\[DEPRECATED\] Generate systemd units"
     run_podman rm test
 }
+
+@test "podman passes down the KillSignal and StopTimeout setting" {
+    ctr=systemd_test_$(random_string 5)
+
+    run_podman run -d --name $ctr --stop-signal 5 --stop-timeout 7 --rm $IMAGE top
+    run_podman inspect $ctr --format '{{ .Id }}'
+    id="$output"
+
+    run systemctl show -p TimeoutStopUSec "libpod-${id}.scope"
+    assert "$output" == "TimeoutStopUSec=7s"
+
+    run systemctl show -p KillSignal "libpod-${id}.scope"
+    assert "$output" == "KillSignal=5"
+
+    # Clean up
+    run_podman rm -t 0 -f $ctr
+}
 # vim: filetype=sh