author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-08-29 10:02:15 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-08-29 16:25:20 +0000 |
commit | 2ed79f6315a35a76b405f62aa85088a5b9bd9af4 (patch) | |
tree | 9342616cae1cabe1e9ce75b962ff3d6538a7ba2d | |
parent | 1789242933ddbc3e4a29662f5218b5b94ee30863 (diff) | |
rootless: fix top
join the user namespace used to create the container so that psgo can
work in the same way as with root containers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1371
Approved by: rhatdan
-rw-r--r-- | cmd/podman/main.go | 1 | ||||
-rw-r--r-- | cmd/podman/top.go | 13 | ||||
-rw-r--r-- | test/e2e/rootless_test.go | 19 |
3 files changed, 32 insertions, 1 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index bd1cc8b95..06d9308e0 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -34,6 +34,7 @@ var cmdsNotRequiringRootless = map[string]bool{
 "kill": true,
 "search": true,
 "stop": true,
+ "top": true,
 }
 func main() {
diff --git a/cmd/podman/top.go b/cmd/podman/top.go
index 43728893c..5517fe230 100644
--- a/cmd/podman/top.go
+++ b/cmd/podman/top.go
@@ -8,6 +8,7 @@ import (
 "github.com/containers/libpod/cmd/podman/libpodruntime"
 "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/pkg/errors"
 "github.com/urfave/cli"
 )
@@ -69,6 +70,7 @@ func topCmd(c *cli.Context) error {
 return err
 }
+ rootless.SetSkipStorageSetup(true)
 runtime, err := libpodruntime.GetRuntime(c)
 if err != nil {
 return errors.Wrapf(err, "error creating libpod runtime")
@@ -96,6 +98,17 @@ func topCmd(c *cli.Context) error {
 return errors.Errorf("top can only be used on running containers")
 }
+ pid, err := container.PID()
+ if err != nil {
+ return err
+ }
+ became, ret, err := rootless.JoinNS(uint(pid))
+ if err != nil {
+ return err
+ }
+ if became {
+ os.Exit(ret)
+ }
 psOutput, err := container.GetContainerPidInformation(descriptors)
 if err != nil {
 return err
diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go
index 84af927ea..fb19b7c87 100644
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@@ -71,6 +71,7 @@ var _ = Describe("Podman rootless", func() {
 if err != nil {
 Skip("User namespaces not supported.")
 }
+ canUseExec := canExec()
 setup := podmanTest.Podman([]string{"create", ALPINE, "ls"})
 setup.WaitWithDefaultTimeout()
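Review bot: In cmd/podman/top.go (hunk at -69) the new `rootless.SetSkipStorageSetup(true)` call has no comment saying why storage setup is skipped or that it has to run before `libpodruntime.GetRuntime(c)`. Judging by its name the call changes state shared across the rootless package, so the ordering is load-bearing and easy to break in a later refactor. I would add `// Skip storage setup here: for rootless users top re-executes inside the container's user namespace (rootless.JoinNS below).` directly above it. topCmd starts and ends outside the hunk.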
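Review bot: The `os.Exit(ret)` added to topCmd in cmd/podman/top.go (hunk at -96) ends the parent process without running deferred functions, so any runtime shutdown deferred earlier in topCmd, which is not visible in this hunk, is skipped on the rootless path; that cleanup should be called explicitly before exiting. The pid is read after the running-state check, so a container that stops in between may report a non-positive pid that `uint(pid)` turns into a bogus value for `rootless.JoinNS`; reject it first with `if pid <= 0 { return errors.Errorf("container has no running process") }`. The two bare `return err` lines also drop the context that the surrounding `errors.Wrapf` calls provide, and `return errors.Wrapf(err, "cannot join the user namespace of the container")` would match them. topCmd begins and ends outside the hunk.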
@@ -122,6 +123,22 @@ var _ = Describe("Podman rootless", func() {
 Expect(cmd.ExitCode()).To(Equal(0))
 allArgs = append([]string{"run", "-d"}, args...)
+ allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "top")
+ cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env)
+ cmd.WaitWithDefaultTimeout()
+ Expect(cmd.ExitCode()).To(Equal(0))
+
+ if canUseExec {
+ cmd = podmanTest.PodmanAsUser([]string{"top", "-l"}, 1000, 1000, env)
+ cmd.WaitWithDefaultTimeout()
+ Expect(cmd.ExitCode()).To(Equal(0))
+ }
+
+ cmd = podmanTest.PodmanAsUser([]string{"rm", "-l", "-f"}, 1000, 1000, env)
+ cmd.WaitWithDefaultTimeout()
+ Expect(cmd.ExitCode()).To(Equal(0))
+
+ allArgs = append([]string{"run", "-d"}, args...)
 allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "unshare", "-r", "unshare", "-r", "top")
 cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env)
 cmd.WaitWithDefaultTimeout()
@@ -143,7 +160,7 @@ var _ = Describe("Podman rootless", func() {
 cmd.WaitWithDefaultTimeout()
 Expect(cmd.ExitCode()).To(Equal(0))
- if !canExec() {
+ if !canUseExec {
 Skip("ioctl(NS_GET_PARENT) not supported.")
 }
|
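Review bot: The new `top -l` check in test/e2e/rootless_test.go (hunk at -122) asserts only that the exit code is 0, so a regression where rootless top prints an empty or wrong process table would still pass. The test should also assert on the output, for example `Expect(cmd.OutputToString()).To(ContainSubstring("top"))` if the session returned by `PodmanAsUser` exposes that helper as the other e2e sessions do. When `canUseExec` is false the block is skipped silently, so on such hosts the fix has no coverage and nothing in the test output says so. The container is also started with `seccomp=unconfined`, which means the namespace join is not exercised under the default seccomp profile. The Describe closure starts and ends outside the hunk.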