Merge pull request #4006 from rhatdan/rootless

Report errors when trying to pause rootless containers

libpod/container_internal.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/events"
+	"github.com/containers/libpod/pkg/cgroups"
 	"github.com/containers/libpod/pkg/ctime"
 	"github.com/containers/libpod/pkg/hooks"
 	"github.com/containers/libpod/pkg/hooks/exec"
@@ -1132,6 +1133,16 @@ func (c *Container) pause() error {
 		return errors.Wrapf(define.ErrNoCgroups, "cannot pause without using CGroups")
 	}
 
+	if rootless.IsRootless() {
+		cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return errors.Wrap(err, "failed to determine cgroupversion")
+		}
+		if !cgroupv2 {
+			return errors.Wrap(define.ErrNoCgroups, "can not pause containers on rootless containers with cgroup V1")
+		}
+	}
+
 	if err := c.ociRuntime.pauseContainer(c); err != nil {
 		return err
 	}

libpod/pod_api.go

@@ -5,6 +5,8 @@ import (
 
 	"github.com/containers/libpod/libpod/define"
 	"github.com/containers/libpod/libpod/events"
+	"github.com/containers/libpod/pkg/cgroups"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -163,6 +165,16 @@ func (p *Pod) Pause() (map[string]error, error) {
 		return nil, define.ErrPodRemoved
 	}
 
+	if rootless.IsRootless() {
+		cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to determine cgroupversion")
+		}
+		if !cgroupv2 {
+			return nil, errors.Wrap(define.ErrNoCgroups, "can not pause pods containing rootless containers with cgroup V1")
+		}
+	}
+
 	allCtrs, err := p.runtime.state.PodContainers(p)
 	if err != nil {
 		return nil, err

pkg/varlinkapi/containers.go

@@ -319,12 +319,14 @@ func (i *LibpodAPI) ExportContainer(call iopodman.VarlinkCall, name, outPath str
 
 // GetContainerStats ...
 func (i *LibpodAPI) GetContainerStats(call iopodman.VarlinkCall, name string) error {
-	cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
-	if err != nil {
-		return call.ReplyErrorOccurred(err.Error())
-	}
-	if rootless.IsRootless() && !cgroupv2 {
-		return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats")
+	if rootless.IsRootless() {
+		cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+		if err != nil {
+			return call.ReplyErrorOccurred(err.Error())
+		}
+		if !cgroupv2 {
+			return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats")
+		}
 	}
 	ctr, err := i.Runtime.LookupContainer(name)
 	if err != nil {

pkg/varlinkapi/pods.go

@@ -5,12 +5,12 @@ package varlinkapi
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/containers/libpod/pkg/adapter/shortcuts"
 	"syscall"
 
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/cmd/podman/varlink"
 	"github.com/containers/libpod/libpod"
+	"github.com/containers/libpod/pkg/adapter/shortcuts"
 )
 
 // CreatePod ...