diff options
| author | baude <bbaude@redhat.com> | 2019-08-07 09:53:59 -0500 |
|---|---|---|
| committer | baude <bbaude@redhat.com> | 2019-08-12 13:08:57 -0500 |
| commit | 55cc80d3c9bfd96225db179b96427aa377ecb9dc (patch) | |
| tree | 8f398f4bf6ee4093f41fd532a2f7362102b5ece4 /pkg | |
| parent | 926901d78d3af87b47ce0cfeafcf0e9a6d190334 (diff) | |
| download | podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.tar.gz podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.tar.bz2 podman-55cc80d3c9bfd96225db179b96427aa377ecb9dc.zip | |
varlink endpoint for containerstats requires root
obtaining containerstats requires the use of cgroups. at present,
rootless users do not have privileges to create cgroups. add an error
message that catches this for the varlink endpoint and return a proper
error.
Fixes: #3749
Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/varlinkapi/containers.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go index bb66ff962..c7aa5233f 100644 --- a/pkg/varlinkapi/containers.go +++ b/pkg/varlinkapi/containers.go @@ -19,6 +19,8 @@ import ( "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/libpod/logs" "github.com/containers/libpod/pkg/adapter/shortcuts" + "github.com/containers/libpod/pkg/cgroups" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/varlinkapi/virtwriter" "github.com/containers/storage/pkg/archive" "github.com/pkg/errors" @@ -317,6 +319,13 @@ func (i *LibpodAPI) ExportContainer(call iopodman.VarlinkCall, name, outPath str // GetContainerStats ... func (i *LibpodAPI) GetContainerStats(call iopodman.VarlinkCall, name string) error { + cgroupv2, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return call.ReplyErrorOccurred(err.Error()) + } + if rootless.IsRootless() && !cgroupv2 { + return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats") + } ctr, err := i.Runtime.LookupContainer(name) if err != nil { return call.ReplyContainerNotFound(name, err.Error()) |