opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-26 10:45:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

rootless: fix top

Browse Source 
join the user namespace used to create the container so that psgo can
work in the same way as with root containers.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #1371
Approved by: rhatdan
This commit is contained in:
Giuseppe Scrivano
2018-08-29 10:02:15 +02:00
committed by Atomic Bot
parent 1789242933
commit 2ed79f6315
3 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/podman/main.go
View File

@ -34,6 +34,7 @@ var cmdsNotRequiringRootless = map[string]bool{
"kill": true, "kill": true,
"search": true, "search": true,
"stop": true, "stop": true,
"top": true,
} }
func main() { func main() {

13
cmd/podman/top.go
View File

@ -8,6 +8,7 @@ import (
"github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod" "github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/urfave/cli" "github.com/urfave/cli"
) )
@ -69,6 +70,7 @@ func topCmd(c *cli.Context) error {
return err return err
} }
rootless.SetSkipStorageSetup(true)
runtime, err := libpodruntime.GetRuntime(c) runtime, err := libpodruntime.GetRuntime(c)
if err != nil { if err != nil {
return errors.Wrapf(err, "error creating libpod runtime") return errors.Wrapf(err, "error creating libpod runtime")
@ -96,6 +98,17 @@ func topCmd(c *cli.Context) error {
return errors.Errorf("top can only be used on running containers") return errors.Errorf("top can only be used on running containers")
} }
pid, err := container.PID()
if err != nil {
return err
}
became, ret, err := rootless.JoinNS(uint(pid))
if err != nil {
return err
}
if became {
os.Exit(ret)
}
psOutput, err := container.GetContainerPidInformation(descriptors) psOutput, err := container.GetContainerPidInformation(descriptors)
if err != nil { if err != nil {
return err return err

19
test/e2e/rootless_test.go
View File

@ -71,6 +71,7 @@ var _ = Describe("Podman rootless", func() {
if err != nil { if err != nil {
Skip("User namespaces not supported.") Skip("User namespaces not supported.")
} }
canUseExec := canExec()
setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup := podmanTest.Podman([]string{"create", ALPINE, "ls"})
setup.WaitWithDefaultTimeout() setup.WaitWithDefaultTimeout()
@ -121,6 +122,22 @@ var _ = Describe("Podman rootless", func() {
cmd.WaitWithDefaultTimeout() cmd.WaitWithDefaultTimeout()
Expect(cmd.ExitCode()).To(Equal(0)) Expect(cmd.ExitCode()).To(Equal(0))
allArgs = append([]string{"run", "-d"}, args...)
allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "top")
cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env)
cmd.WaitWithDefaultTimeout()
Expect(cmd.ExitCode()).To(Equal(0))
if canUseExec {
cmd = podmanTest.PodmanAsUser([]string{"top", "-l"}, 1000, 1000, env)
cmd.WaitWithDefaultTimeout()
Expect(cmd.ExitCode()).To(Equal(0))
}
cmd = podmanTest.PodmanAsUser([]string{"rm", "-l", "-f"}, 1000, 1000, env)
cmd.WaitWithDefaultTimeout()
Expect(cmd.ExitCode()).To(Equal(0))
allArgs = append([]string{"run", "-d"}, args...) allArgs = append([]string{"run", "-d"}, args...)
allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "unshare", "-r", "unshare", "-r", "top") allArgs = append(allArgs, "--security-opt", "seccomp=unconfined", "--rootfs", mountPath, "unshare", "-r", "unshare", "-r", "top")
cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env) cmd = podmanTest.PodmanAsUser(allArgs, 1000, 1000, env)
@ -143,7 +160,7 @@ var _ = Describe("Podman rootless", func() {
cmd.WaitWithDefaultTimeout() cmd.WaitWithDefaultTimeout()
Expect(cmd.ExitCode()).To(Equal(0)) Expect(cmd.ExitCode()).To(Equal(0))
if !canExec() { if !canUseExec {
Skip("ioctl(NS_GET_PARENT) not supported.") Skip("ioctl(NS_GET_PARENT) not supported.")
} }