agent: Return error on trying to persist a pid namespace

An pid namespace cannot be persisted, so add a check-and-error on Namespace::setup() for handling that case. Fixes #1220 Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2025-06-26 15:32:30 +00:00 · 2020-12-28 15:32:35 -05:00 · 2020-12-28 15:32:35 -05:00 · 1f943bd6bf
commit 1f943bd6bf
parent 9a41d09f39
1 changed files with 15 additions and 1 deletions
--- a/src/agent/src/namespace.rs
+++ b/src/agent/src/namespace.rs
@ -81,7 +81,10 @@ impl Namespace {
        fs::create_dir_all(&self.persistent_ns_dir)?;

        let ns_path = PathBuf::from(&self.persistent_ns_dir);
-        let ns_type = self.ns_type.clone();
+        let ns_type = self.ns_type;
+        if ns_type == NamespaceType::PID {
+            return Err(anyhow!("Cannot persist namespace of PID type"));
+        }
        let logger = self.logger.clone();

        let new_ns_path = ns_path.join(&ns_type.get());
@ -211,6 +214,17 @@ mod tests {

        assert!(ns_uts.is_ok());
        assert!(remove_mounts(&vec![ns_uts.unwrap().path]).is_ok());
+
+        // Check it cannot persist pid namespaces.
+        let logger = slog::Logger::root(slog::Discard, o!());
+        let tmpdir = Builder::new().prefix("pid").tempdir().unwrap();
+
+        let ns_pid = Namespace::new(&logger)
+            .as_pid()
+            .set_root_dir(tmpdir.path().to_str().unwrap())
+            .setup();
+
+        assert!(ns_pid.is_err());
    }

    #[test]