diff options
-rw-r--r-- | cmd/podman/main.go | 1 | ||||
-rw-r--r-- | cmd/podman/top.go | 13 | ||||
-rw-r--r-- | test/e2e/rootless_test.go | 19 |
3 files changed, 32 insertions, 1 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go index bd1cc8b95..06d9308e0 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -34,6 +34,7 @@ var cmdsNotRequiringRootless = map[string]bool{ "kill": true, "search": true, "stop": true, + "top": true, } func main() { diff --git a/cmd/podman/top.go b/cmd/podman/top.go index 43728893c..5517fe230 100644 --- a/cmd/podman/top.go +++ b/cmd/podman/top.go @@ -8,6 +8,7 @@ import ( "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" "github.com/urfave/cli" ) @@ -69,6 +70,7 @@ func topCmd(c *cli.Context) error { return err } + rootless.SetSkipStorageSetup(true) runtime, err := libpodruntime.GetRuntime(c) if err != nil { return errors.Wrapf(err, "error creating libpod runtime") @@ -96,6 +98,17 @@ func topCmd(c *cli.Context) error { return errors.Errorf("top can only be used on running containers") } + pid, err := container.PID() + if err != nil { + return err + } + became, ret, err := rootless.JoinNS(uint(pid)) + if err != nil { + return err + } + if became { + os.Exit(ret) + } psOutput, err := container.GetContainerPidInformation(descriptors) if err != nil { return err diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go index 84af927ea..fb19b7c87 100644 --- a/test/e2e/rootless_test.go +++ b/test/e2e/rootless_test.go @@ -71,6 +71,7 @@ var _ = Describe("Podman rootless", func() { if err != nil { Skip("User namespaces not supported.") } + canUseExec := canExec() setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() @@ -122,6 +123,22 @@ var _ = Describe("Podman rootless", func() { Expect(cmd.ExitCode()).To(Equal(0)) allArgs = append([]string{"run", "-d"}, args...) + allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "top") + cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env) + cmd.WaitWithDefaultTimeout() + Expect(cmd.ExitCode()).To(Equal(0)) + + if canUseExec { + cmd = podmanTest.PodmanAsUser([]string{"top", "-l"}, 1000, 1000, env) + cmd.WaitWithDefaultTimeout() + Expect(cmd.ExitCode()).To(Equal(0)) + } + + cmd = podmanTest.PodmanAsUser([]string{"rm", "-l", "-f"}, 1000, 1000, env) + cmd.WaitWithDefaultTimeout() + Expect(cmd.ExitCode()).To(Equal(0)) + + allArgs = append([]string{"run", "-d"}, args...) allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "unshare", "-r", "unshare", "-r", "top") cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env) cmd.WaitWithDefaultTimeout() @@ -143,7 +160,7 @@ var _ = Describe("Podman rootless", func() { cmd.WaitWithDefaultTimeout() Expect(cmd.ExitCode()).To(Equal(0)) - if !canExec() { + if !canUseExec { Skip("ioctl(NS_GET_PARENT) not supported.") } |