diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-12-10 13:23:49 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-12-10 13:36:10 +0100 |
| commit | 536bfdab4cca38916ec8b112a6f80b0c068cc806 (patch) | |
| tree | 534d518c36da1199088167851bceca0678f6d169 /src | |
| parent | a644abed54bd4a42ebe2c99af5cc621ffbaf6c55 (diff) | |
virt: when detecting containers and /run/systemd/container cannot be read, check /proc/1/environ
This way, we should be in a slightly better situation if a container is
booted up with only a shell as PID 1. In that case
/run/systemd/container will not be populated, and a check for it hence
be ineffective.
Checking /proc/1/environ doesn't fully fix the problem though, as the
file is only accessible with privileges. This means if PID 1 is not
systemd, and if privileges have been dropped the container detection
will continue to fail.
Diffstat (limited to 'src')
| -rw-r--r-- | src/shared/virt.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/src/shared/virt.c b/src/shared/virt.c index f9c4e67c7..f10baab40 100644 --- a/src/shared/virt.c +++ b/src/shared/virt.c @@ -293,8 +293,26 @@ int detect_container(const char **id) { r = read_one_line_file("/run/systemd/container", &m); if (r == -ENOENT) { - r = 0; - goto finish; + + /* Fallback for cases where PID 1 was not + * systemd (for example, cases where + * init=/bin/sh is used. */ + + r = getenv_for_pid(1, "container", &m); + if (r <= 0) { + + /* If that didn't work, give up, + * assume no container manager. + * + * Note: This means we still cannot + * detect containers if init=/bin/sh + * is passed but privileges dropped, + * as /proc/1/environ is only readable + * with privileges. */ + + r = 0; + goto finish; + } } if (r < 0) return r; |