From 9cc974c9637554620248941642d58ff34df90ba0 Mon Sep 17 00:00:00 2001
From: Jhon Honce <jhonce@redhat.com>
Date: Mon, 2 Aug 2021 15:18:54 -0700
Subject: Only support containers stats using cgroups v2

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1988252

Signed-off-by: Jhon Honce <jhonce@redhat.com>
---
 pkg/api/handlers/libpod/containers_stats.go | 12 ++++++++++++
 pkg/api/server/register_containers.go       |  4 ++++
 2 files changed, 16 insertions(+)

(limited to 'pkg/api')

diff --git a/pkg/api/handlers/libpod/containers_stats.go b/pkg/api/handlers/libpod/containers_stats.go
index 75c404d4f..22faab71f 100644
--- a/pkg/api/handlers/libpod/containers_stats.go
+++ b/pkg/api/handlers/libpod/containers_stats.go
@@ -7,8 +7,10 @@ import (
 
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/pkg/api/handlers/utils"
+	"github.com/containers/podman/v3/pkg/cgroups"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/domain/infra/abi"
+	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/gorilla/schema"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -20,6 +22,16 @@ func StatsContainer(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)
 
+	// Check if service is running rootless (cheap check)
+	if rootless.IsRootless() {
+		// if so, then verify cgroup v2 available (more expensive check)
+		if isV2, _ := cgroups.IsCgroup2UnifiedMode(); !isV2 {
+			msg := "Container stats resource only available for cgroup v2"
+			utils.Error(w, msg, http.StatusConflict, errors.New(msg))
+			return
+		}
+	}
+
 	query := struct {
 		Containers []string `schema:"containers"`
 		Stream     bool     `schema:"stream"`
diff --git a/pkg/api/server/register_containers.go b/pkg/api/server/register_containers.go
index 50e059ecc..89de84cce 100644
--- a/pkg/api/server/register_containers.go
+++ b/pkg/api/server/register_containers.go
@@ -1085,6 +1085,8 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//     description: no error
 	//   404:
 	//     $ref: "#/responses/NoSuchContainer"
+	//   409:
+	//     $ref: "#/responses/ConflictError"
 	//   500:
 	//     $ref: "#/responses/InternalError"
 	r.HandleFunc(VersionedPath("/libpod/containers/{name}/stats"), s.APIHandler(compat.StatsContainer)).Methods(http.MethodGet)
@@ -1113,6 +1115,8 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//     description: no error
 	//   404:
 	//     $ref: "#/responses/NoSuchContainer"
+	//   409:
+	//     $ref: "#/responses/ConflictError"
 	//   500:
 	//     $ref: "#/responses/InternalError"
 	r.HandleFunc(VersionedPath("/libpod/containers/stats"), s.APIHandler(libpod.StatsContainer)).Methods(http.MethodGet)
-- 
cgit v1.2.3-54-g00ecf