From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 May 2014 10:37:11 +0000 (+0800)
Subject: virt: rework container detection logic
X-Git-Tag: v214~127
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=fdd25311706bd32580ec4d43211cdf4665d2f9de;hp=fdd25311706bd32580ec4d43211cdf4665d2f9de

virt: rework container detection logic

Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.

Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
---