summaryrefslogtreecommitdiff
path: root/pkg/varlinkapi
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2019-08-07 09:53:59 -0500
committerbaude <bbaude@redhat.com>2019-08-12 13:08:57 -0500
commit55cc80d3c9bfd96225db179b96427aa377ecb9dc (patch)
tree8f398f4bf6ee4093f41fd532a2f7362102b5ece4 /pkg/varlinkapi
parent926901d78d3af87b47ce0cfeafcf0e9a6d190334 (diff)
downloadpodman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.tar.gz
podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.tar.bz2
podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.zip
varlink endpoint for containerstats requires root
obtaining containerstats requires the use of cgroups. at present, rootless users do not have privileges to create cgroups. add an error message that catches this for the varlink endpoint and return a proper error. Fixes: #3749 Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'pkg/varlinkapi')
-rw-r--r--pkg/varlinkapi/containers.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index bb66ff962..c7aa5233f 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -19,6 +19,8 @@ import (
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/libpod/logs"
"github.com/containers/libpod/pkg/adapter/shortcuts"
+ "github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/varlinkapi/virtwriter"
"github.com/containers/storage/pkg/archive"
"github.com/pkg/errors"
@@ -317,6 +319,13 @@ func (i *LibpodAPI) ExportContainer(call iopodman.VarlinkCall, name, outPath str
// GetContainerStats ...
func (i *LibpodAPI) GetContainerStats(call iopodman.VarlinkCall, name string) error {
+ cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ if rootless.IsRootless() && !cgroupv2 {
+ return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats")
+ }
ctr, err := i.Runtime.LookupContainer(name)
if err != nil {
return call.ReplyContainerNotFound(name, err.Error())