From a9038ae32e4b3760e09b6107a94bdf912b4358bd Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Mon, 6 Feb 2023 10:05:44 +0100 Subject: [PATCH] Add dedicated error if no PID namespace should be unshared We do not have to create the pause process on `CreateNamespaces` if no PID namespace should be unshared. In this case we now return a dedicated error and let the users decide what to do with it. Fixes https://github.com/containers/conmon-rs/issues/1066 Signed-off-by: Sascha Grunert --- .golangci.yml | 8 ++++---- pkg/client/client.go | 14 ++++++++++++++ pkg/client/client_test.go | 27 +++++++++++++++++++++++---- pkg/client/errors.go | 4 ++++ 4 files changed, 45 insertions(+), 8 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 0aee5087b5..55933bfaeb 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -100,16 +100,16 @@ linters: # - wsl linters-settings: funlen: - lines: 155 + lines: 200 statements: 50 varnamelen: min-name-length: 1 cyclop: - max-complexity: 35 + max-complexity: 40 gocognit: - min-complexity: 50 + min-complexity: 55 gocyclo: - min-complexity: 50 + min-complexity: 55 nestif: min-complexity: 15 errcheck: diff --git a/pkg/client/client.go b/pkg/client/client.go index 4406614652..b1a34cdf6e 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -1074,6 +1074,20 @@ func (c *ConmonClient) CreateNamespaces( return nil, fmt.Errorf("requires at least %v: %w", minVersion, ErrUnsupported) } + // The pause process is only required if a PID namespace should be unshared. + foundPIDNamespace := false + for _, ns := range cfg.Namespaces { + if ns == NamespacePID { + foundPIDNamespace = true + + break + } + } + + if !foundPIDNamespace { + return nil, ErrNoPIDNamespaceSpecified + } + conn, err := c.newRPCConn() if err != nil { return nil, fmt.Errorf("create RPC connection: %w", err) diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go index bdec3ee10e..b07797f14e 100644 --- a/pkg/client/client_test.go +++ b/pkg/client/client_test.go 
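Review bot: The funlen, cyclop, gocognit and gocyclo limits in .golangci.yml are raised for the whole repository, apparently only to fit the PID-namespace loop this commit adds to CreateNamespaces. Moving that membership test into a small unexported helper in pkg/client/client.go (one that takes `cfg.Namespaces` and `NamespacePID` and returns a bool) would probably let the previous limits stand. That keeps the linter meaningful for the rest of the client code.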
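Review bot: In the pkg/client/client.go hunk the early `return nil, ErrNoPIDNamespaceSpecified` fires for every config whose `cfg.Namespaces` lacks `NamespacePID`, including one that asks for other namespaces; the client_test.go change that had to add `client.NamespacePID` next to `client.NamespaceUser` confirms this. A caller that treats the sentinel as "nothing to do" would continue with none of the requested namespaces created, so the contract should be stated where callers read it, for example in the error's doc comment in pkg/client/errors.go: `// ErrNoPIDNamespaceSpecified gets returned by CreateNamespaces, before any RPC is sent, if cfg.Namespaces does not contain NamespacePID; no namespace is created by that call.` Whether the remaining namespaces are expected to be set up by another component is not visible here. CreateNamespaces starts and ends outside the hunk.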
@@ -3,7 +3,6 @@ package client_test import ( "bytes" "context" - "errors" "fmt" "io" "io/fs" @@ -522,7 +521,7 @@ var _ = Describe("ConmonClient", func() { }) Describe("CreateNamespaces", func() { - It("should succeed without namespaces", func() { + It("should succeed with PID namespace", func() { tr = newTestRunner() tr.createRuntimeConfig(false) sut = tr.configGivenEnv() @@ -532,13 +531,32 @@ var _ = Describe("ConmonClient", func() { response, err := sut.CreateNamespaces( context.Background(), &client.CreateaNamespacesConfig{ - PodID: podID, + PodID: podID, + Namespaces: []client.Namespace{client.NamespacePID}, }, ) Expect(err).To(BeNil()) Expect(response).NotTo(BeNil()) }) + It("should fail without PID namespace", func() { + tr = newTestRunner() + tr.createRuntimeConfig(false) + sut = tr.configGivenEnv() + + podID := uuid.New().String() + + response, err := sut.CreateNamespaces( + context.Background(), + &client.CreateaNamespacesConfig{ + PodID: podID, + }, + ) + Expect(err).NotTo(Succeed()) + Expect(err).To(MatchError(client.ErrNoPIDNamespaceSpecified)) + Expect(response).To(BeNil()) + }) + It("should fail without pod ID", func() { tr = newTestRunner() tr.createRuntimeConfig(false) @@ -661,12 +679,13 @@ var _ = Describe("ConmonClient", func() { context.Background(), &client.CreateaNamespacesConfig{ Namespaces: []client.Namespace{ + client.NamespacePID, client.NamespaceUser, }, }, ) Expect(err).NotTo(BeNil()) - Expect(errors.Is(err, client.ErrMissingIDMappings)).To(BeTrue()) + Expect(err).To(MatchError(client.ErrMissingIDMappings)) Expect(response).To(BeNil()) }) }) diff --git a/pkg/client/errors.go b/pkg/client/errors.go index 7a2c9d7e24..6a6aee9910 100644 --- a/pkg/client/errors.go +++ b/pkg/client/errors.go 
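Review bot: The new "should fail without PID namespace" case only passes a config with no `Namespaces` at all, so the rejection of a request that names other namespaces but not PID is never asserted. A second case with `Namespaces: []client.Namespace{client.NamespaceUser}` expecting `MatchError(client.ErrNoPIDNamespaceSpecified)` would pin that the PID check runs before the ID-mapping check, which the change in the last hunk of this file implies. In the added case, `Expect(err).NotTo(Succeed())` is redundant next to the `MatchError` assertion and can be dropped.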
@@ -9,4 +9,8 @@ var ( // ErrUnsupported gets returned if the server does not the feature. ErrUnsupported = errors.New("feature not supported by this conmon-rs version") + + // ErrNoPIDNamespaceSpecified gets returned if no PID namespace should be + // unshared via the CreateaNamespacesConfig in the CreateNamespaces method. + ErrNoPIDNamespaceSpecified = errors.New("no PID namespace specified") )