diff options
| author | baude <bbaude@redhat.com> | 2019-08-07 09:53:59 -0500 |
|---|---|---|
| committer | baude <bbaude@redhat.com> | 2019-08-12 13:08:57 -0500 |
| commit | 55cc80d3c9bfd96225db179b96427aa377ecb9dc (patch) | |
| tree | 8f398f4bf6ee4093f41fd532a2f7362102b5ece4 | |
| parent | 926901d78d3af87b47ce0cfeafcf0e9a6d190334 (diff) | |
| download | podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.tar.gz podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.tar.bz2 podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.zip | |
varlink endpoint for containerstats requires root
obtaining containerstats requires the use of cgroups. at present,
rootless users do not have privileges to create cgroups. add an error
message that catches this for the varlink endpoint and return a proper
error.
Fixes: #3749
Signed-off-by: baude <bbaude@redhat.com>
| -rwxr-xr-x | API.md | 5 | ||||
| -rw-r--r-- | cmd/podman/varlink/io.podman.varlink | 3 | ||||
| -rw-r--r-- | pkg/varlinkapi/containers.go | 9 |
3 files changed, 17 insertions, 0 deletions
@@ -265,6 +265,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in [error ErrCtrStopped](#ErrCtrStopped) +[error ErrRequiresCgroupsV2ForRootless](#ErrRequiresCgroupsV2ForRootless) + [error ErrorOccurred](#ErrorOccurred) [error ImageNotFound](#ImageNotFound) @@ -2006,6 +2008,9 @@ ContainerNotFound means the container could not be found by the provided name or ### <a name="ErrCtrStopped"></a>type ErrCtrStopped Container is already stopped +### <a name="ErrRequiresCgroupsV2ForRootless"></a>type ErrRequiresCgroupsV2ForRootless + +This function requires CGroupsV2 to run in rootless mode. ### <a name="ErrorOccurred"></a>type ErrorOccurred ErrorOccurred is a generic error for an error that occurs during the execution. The actual error message diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index b867dccc1..4a4c97e99 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -1277,3 +1277,6 @@ error WantsMoreRequired (reason: string) # Container is already stopped error ErrCtrStopped (id: string) + +# This function requires CGroupsV2 to run in rootless mode. +error ErrRequiresCgroupsV2ForRootless(reason: string)
\ No newline at end of file diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index bb66ff962..c7aa5233f 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go @@ -19,6 +19,8 @@ import ( "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/logs" "github.com/containers/libpod/pkg/adapter/shortcuts" + "github.com/containers/libpod/pkg/cgroups" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/varlinkapi/virtwriter" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" @@ -317,6 +319,13 @@ func (i *LibpodAPI) ExportContainer(call iopodman.VarlinkCall, name, outPath str // GetContainerStats ... func (i *LibpodAPI) GetContainerStats(call iopodman.VarlinkCall, name string) error { + cgroupv2, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + if rootless.IsRootless() && !cgroupv2 { + return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats") + } ctr, err := i.Runtime.LookupContainer(name) if err != nil { return call.ReplyContainerNotFound(name, err.Error()) |