Only support containers stats using cgroups v2

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1988252 Signed-off-by: Jhon Honce <jhonce@redhat.com>
2025-10-17 03:04:21 +08:00 · 2021-08-02 15:18:54 -07:00
parent cbad561696
commit 9cc974c963
3 changed files with 26 additions and 0 deletions
--- a/pkg/api/handlers/libpod/containers_stats.go
+++ b/pkg/api/handlers/libpod/containers_stats.go
@ -7,8 +7,10 @@ import (

 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/pkg/api/handlers/utils"
+	"github.com/containers/podman/v3/pkg/cgroups"
 	"github.com/containers/podman/v3/pkg/domain/entities"
 	"github.com/containers/podman/v3/pkg/domain/infra/abi"
+	"github.com/containers/podman/v3/pkg/rootless"
 	"github.com/gorilla/schema"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -20,6 +22,16 @@ func StatsContainer(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value("runtime").(*libpod.Runtime)
 	decoder := r.Context().Value("decoder").(*schema.Decoder)

+	// Check if service is running rootless (cheap check)
+	if rootless.IsRootless() {
+		// if so, then verify cgroup v2 available (more expensive check)
+		if isV2, _ := cgroups.IsCgroup2UnifiedMode(); !isV2 {
+			msg := "Container stats resource only available for cgroup v2"
+			utils.Error(w, msg, http.StatusConflict, errors.New(msg))
+			return
+		}
+	}
+
 	query := struct {
 		Containers []string `schema:"containers"`
 		Stream     bool     `schema:"stream"`
--- a/pkg/api/server/register_containers.go
+++ b/pkg/api/server/register_containers.go
@ -1085,6 +1085,8 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//     description: no error
 	//   404:
 	//     $ref: "#/responses/NoSuchContainer"
+	//   409:
+	//     $ref: "#/responses/ConflictError"
 	//   500:
 	//     $ref: "#/responses/InternalError"
 	r.HandleFunc(VersionedPath("/libpod/containers/{name}/stats"), s.APIHandler(compat.StatsContainer)).Methods(http.MethodGet)
@ -1113,6 +1115,8 @@ func (s *APIServer) registerContainersHandlers(r *mux.Router) error {
 	//     description: no error
 	//   404:
 	//     $ref: "#/responses/NoSuchContainer"
+	//   409:
+	//     $ref: "#/responses/ConflictError"
 	//   500:
 	//     $ref: "#/responses/InternalError"
 	r.HandleFunc(VersionedPath("/libpod/containers/stats"), s.APIHandler(libpod.StatsContainer)).Methods(http.MethodGet)
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@ -65,6 +65,16 @@ t GET libpod/containers/json?last=1 200 \

 cid=$(jq -r '.[0].Id' <<<"$output")

+if root; then
+    t GET libpod/containers/stats?containers='[$cid]' 200
+else
+    if have_cgroupsv2; then
+        t GET libpod/containers/stats?containers='[$cid]' 200
+    else
+        t GET libpod/containers/stats?containers='[$cid]' 409
+    fi
+fi
+
 t DELETE libpod/containers/$cid 204

 # Issue #6799: it should be possible to start a container, even w/o args.