From 88ebc33840ff07701254e2f6e2484f229f09a6cc Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Thu, 12 Sep 2019 12:37:22 -0400
Subject: Report errors when trying to pause rootless containers

If you are running a rootless container on cgroupV1
you can not pause the container.  We need to report the proper error
if this happens.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/container_internal.go | 11 +++++++++++
 libpod/pod_api.go            | 12 ++++++++++++
 2 files changed, 23 insertions(+)

(limited to 'libpod')

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 0b5a8b946..6bf8439da 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/events"
+	"github.com/containers/libpod/pkg/cgroups"
 	"github.com/containers/libpod/pkg/ctime"
 	"github.com/containers/libpod/pkg/hooks"
 	"github.com/containers/libpod/pkg/hooks/exec"
@@ -1132,6 +1133,16 @@ func (c *Container) pause() error {
 		return errors.Wrapf(define.ErrNoCgroups, "cannot pause without using CGroups")
 	}
 
+	if rootless.IsRootless() {
+		cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return errors.Wrap(err, "failed to determine cgroupversion")
+		}
+		if !cgroupv2 {
+			return errors.Wrap(define.ErrNoCgroups, "can not pause containers on rootless containers with cgroup V1")
+		}
+	}
+
 	if err := c.ociRuntime.pauseContainer(c); err != nil {
 		return err
 	}
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index e2448e92a..7c786b835 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -5,6 +5,8 @@ import (
 
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/events"
+	"github.com/containers/libpod/pkg/cgroups"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -163,6 +165,16 @@ func (p *Pod) Pause() (map[string]error, error) {
 		return nil, define.ErrPodRemoved
 	}
 
+	if rootless.IsRootless() {
+		cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to determine cgroupversion")
+		}
+		if !cgroupv2 {
+			return nil, errors.Wrap(define.ErrNoCgroups, "can not pause pods containing rootless containers with cgroup V1")
+		}
+	}
+
 	allCtrs, err := p.runtime.state.PodContainers(p)
 	if err != nil {
 		return nil, err
-- 
cgit v1.2.3-54-g00ecf