chiark / gitweb /
virt: when detecting containers and /run/systemd/container cannot be read, check...
authorLennart Poettering <lennart@poettering.net>
Wed, 10 Dec 2014 12:23:49 +0000 (13:23 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 10 Dec 2014 12:36:10 +0000 (13:36 +0100)
This way, we should be in a slightly better situation if a container is
booted up with only a shell as PID 1. In that case
/run/systemd/container will not be populated, and a check for it hence
be ineffective.

Checking /proc/1/environ doesn't fully fix the problem though, as the
file is only accessible with privileges. This means if PID 1 is not
systemd, and if privileges have been dropped the container detection
will continue to fail.

src/shared/virt.c

index f9c4e67..f10baab 100644 (file)
@@ -293,8 +293,26 @@ int detect_container(const char **id) {
 
                 r = read_one_line_file("/run/systemd/container", &m);
                 if (r == -ENOENT) {
-                        r = 0;
-                        goto finish;
+
+                        /* Fallback for cases where PID 1 was not
+                         * systemd (for example, cases where
+                         * init=/bin/sh is used. */
+
+                        r = getenv_for_pid(1, "container", &m);
+                        if (r <= 0) {
+
+                                /* If that didn't work, give up,
+                                 * assume no container manager.
+                                 *
+                                 * Note: This means we still cannot
+                                 * detect containers if init=/bin/sh
+                                 * is passed but privileges dropped,
+                                 * as /proc/1/environ is only readable
+                                 * with privileges. */
+
+                                r = 0;
+                                goto finish;
+                        }
                 }
                 if (r < 0)
                         return r;