varlink endpoint for containerstats requires root

obtaining containerstats requires the use of cgroups. at present, rootless users do not have privileges to create cgroups. add an error message that catches this for the varlink endpoint and return a proper error. Fixes: #3749 Signed-off-by: baude <[email protected]>
containers · Aug 12, 2019 · 55cc80d · 55cc80d
1 parent 926901d
commit 55cc80d
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/API.md b/API.md
@@ -265,6 +265,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
 
 [error ErrCtrStopped](#ErrCtrStopped)
 
+[error ErrRequiresCgroupsV2ForRootless](#ErrRequiresCgroupsV2ForRootless)
+
 [error ErrorOccurred](#ErrorOccurred)
 
 [error ImageNotFound](#ImageNotFound)
@@ -2006,6 +2008,9 @@ ContainerNotFound means the container could not be found by the provided name or
 ### <a name="ErrCtrStopped"></a>type ErrCtrStopped
 
 Container is already stopped
+### <a name="ErrRequiresCgroupsV2ForRootless"></a>type ErrRequiresCgroupsV2ForRootless
+
+This function requires CGroupsV2 to run in rootless mode.
 ### <a name="ErrorOccurred"></a>type ErrorOccurred
 
 ErrorOccurred is a generic error for an error that occurs during the execution.  The actual error message

diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
@@ -1277,3 +1277,6 @@ error WantsMoreRequired (reason: string)
 
 # Container is already stopped
 error ErrCtrStopped (id: string)
+
+# This function requires CGroupsV2 to run in rootless mode.
+error ErrRequiresCgroupsV2ForRootless(reason: string)
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
@@ -19,6 +19,8 @@ import (
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/logs"
 	"github.com/containers/libpod/pkg/adapter/shortcuts"
+	"github.com/containers/libpod/pkg/cgroups"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/varlinkapi/virtwriter"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/pkg/errors"
@@ -317,6 +319,13 @@ func (i *LibpodAPI) ExportContainer(call iopodman.VarlinkCall, name, outPath str
 
 // GetContainerStats ...
 func (i *LibpodAPI) GetContainerStats(call iopodman.VarlinkCall, name string) error {
+	cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+	if err != nil {
+		return call.ReplyErrorOccurred(err.Error())
+	}
+	if rootless.IsRootless() && !cgroupv2 {
+		return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats")
+	}
 	ctr, err := i.Runtime.LookupContainer(name)
 	if err != nil {
 		return call.ReplyContainerNotFound(name, err.Error())