From e4750177c525029dbf2e62d0b15a51e598d37c7d Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@redhat.com>
Date: Mon, 6 Feb 2023 10:05:44 +0100
Subject: [PATCH] Add dedicated error if no PID namespace should be unshared

We do not have to create the pause process on `CreateNamespaces` if no
PID namespace should be unshared. In this case we now return a dedicated
error and let the users decide what to do with it.

Fixes https://github.com/containers/conmon-rs/issues/1066

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
---
 .golangci.yml        |  8 ++++----
 pkg/client/client.go | 14 ++++++++++++++
 pkg/client/errors.go |  4 ++++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index e7e1d38700..6b736bcdd2 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -97,16 +97,16 @@ linters:
     # - wsl
 linters-settings:
   funlen:
-    lines: 155
+    lines: 200
     statements: 50
   varnamelen:
     min-name-length: 1
   cyclop:
-    max-complexity: 35
+    max-complexity: 40
   gocognit:
-    min-complexity: 50
+    min-complexity: 55
   gocyclo:
-    min-complexity: 50
+    min-complexity: 55
   nestif:
     min-complexity: 15
   errcheck:
diff --git a/pkg/client/client.go b/pkg/client/client.go
index 4406614652..b1a34cdf6e 100644
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -1074,6 +1074,20 @@ func (c *ConmonClient) CreateNamespaces(
 		return nil, fmt.Errorf("requires at least %v: %w", minVersion, ErrUnsupported)
 	}
 
+	// The pause process is only required if a PID namespace should be unshared.
+	foundPIDNamespace := false
+	for _, ns := range cfg.Namespaces {
+		if ns == NamespacePID {
+			foundPIDNamespace = true
+
+			break
+		}
+	}
+
+	if !foundPIDNamespace {
+		return nil, ErrNoPIDNamespaceSpecified
+	}
+
 	conn, err := c.newRPCConn()
 	if err != nil {
 		return nil, fmt.Errorf("create RPC connection: %w", err)
diff --git a/pkg/client/errors.go b/pkg/client/errors.go
index 7a2c9d7e24..6a6aee9910 100644
--- a/pkg/client/errors.go
+++ b/pkg/client/errors.go
@@ -9,4 +9,8 @@ var (
 
 	// ErrUnsupported gets returned if the server does not the feature.
 	ErrUnsupported = errors.New("feature not supported by this conmon-rs version")
+
+	// ErrNoPIDNamespaceSpecified gets returned if no PID namespace should be
+	// unshared via the CreateaNamespacesConfig in the CreateNamespaces method.
+	ErrNoPIDNamespaceSpecified = errors.New("no PID namespace specified")
 )