Add dedicated error if no PID namespace should be unshared

We do not have to create the pause process on `CreateNamespaces` if no PID namespace should be unshared. In this case we now return a dedicated error and let the users decide what to do with it. Fixes #1066 Signed-off-by: Sascha Grunert <[email protected]>
containers · Feb 7, 2023 · 7923015 · 7923015
1 parent 8e7abce
commit 7923015
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 8 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -100,16 +100,16 @@ linters:
     # - wsl
 linters-settings:
   funlen:
-    lines: 155
+    lines: 200
     statements: 50
   varnamelen:
     min-name-length: 1
   cyclop:
-    max-complexity: 35
+    max-complexity: 40
   gocognit:
-    min-complexity: 50
+    min-complexity: 55
   gocyclo:
-    min-complexity: 50
+    min-complexity: 55
   nestif:
     min-complexity: 15
   errcheck:

diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -1074,6 +1074,20 @@ func (c *ConmonClient) CreateNamespaces(
 		return nil, fmt.Errorf("requires at least %v: %w", minVersion, ErrUnsupported)
 	}
 
+	// The pause process is only required if a PID namespace should be unshared.
+	foundPIDNamespace := false
+	for _, ns := range cfg.Namespaces {
+		if ns == NamespacePID {
+			foundPIDNamespace = true
+
+			break
+		}
+	}
+
+	if !foundPIDNamespace {
+		return nil, ErrNoPIDNamespaceSpecified
+	}
+
 	conn, err := c.newRPCConn()
 	if err != nil {
 		return nil, fmt.Errorf("create RPC connection: %w", err)

diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go
@@ -3,7 +3,6 @@ package client_test
 import (
 	"bytes"
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"io/fs"
@@ -522,7 +521,7 @@ var _ = Describe("ConmonClient", func() {
 	})
 
 	Describe("CreateNamespaces", func() {
-		It("should succeed without namespaces", func() {
+		It("should succeed with PID namespace", func() {
 			tr = newTestRunner()
 			tr.createRuntimeConfig(false)
 			sut = tr.configGivenEnv()
@@ -532,13 +531,32 @@ var _ = Describe("ConmonClient", func() {
 			response, err := sut.CreateNamespaces(
 				context.Background(),
 				&client.CreateaNamespacesConfig{
-					PodID: podID,
+					PodID:      podID,
+					Namespaces: []client.Namespace{client.NamespacePID},
 				},
 			)
 			Expect(err).To(BeNil())
 			Expect(response).NotTo(BeNil())
 		})
 
+		It("should fail without PID namespace", func() {
+			tr = newTestRunner()
+			tr.createRuntimeConfig(false)
+			sut = tr.configGivenEnv()
+
+			podID := uuid.New().String()
+
+			response, err := sut.CreateNamespaces(
+				context.Background(),
+				&client.CreateaNamespacesConfig{
+					PodID: podID,
+				},
+			)
+			Expect(err).NotTo(BeNil())
+			Expect(err).To(MatchError(client.ErrNoPIDNamespaceSpecified))
+			Expect(response).To(BeNil())
+		})
+
 		It("should fail without pod ID", func() {
 			tr = newTestRunner()
 			tr.createRuntimeConfig(false)
@@ -661,12 +679,13 @@ var _ = Describe("ConmonClient", func() {
 				context.Background(),
 				&client.CreateaNamespacesConfig{
 					Namespaces: []client.Namespace{
+						client.NamespacePID,
 						client.NamespaceUser,
 					},
 				},
 			)
 			Expect(err).NotTo(BeNil())
-			Expect(errors.Is(err, client.ErrMissingIDMappings)).To(BeTrue())
+			Expect(err).To(MatchError(client.ErrMissingIDMappings))
 			Expect(response).To(BeNil())
 		})
 	})

diff --git a/pkg/client/errors.go b/pkg/client/errors.go
@@ -9,4 +9,8 @@ var (
 
 	// ErrUnsupported gets returned if the server does not the feature.
 	ErrUnsupported = errors.New("feature not supported by this conmon-rs version")
+
+	// ErrNoPIDNamespaceSpecified gets returned if no PID namespace should be
+	// unshared via the CreateaNamespacesConfig in the CreateNamespaces method.
+	ErrNoPIDNamespaceSpecified = errors.New("no PID namespace specified")
 )