diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-10-20 23:41:21 -0400 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-10-26 20:12:51 -0400 |
| commit | 299a34c11a4241f8c5832ccd5a7bc13263f8488b (patch) | |
| tree | f67f997d142debec99297a095f4687f65bf7c00e /man | |
| parent | 24597ee0e626b61f134e09b4e871449ef86b1343 (diff) | |
detect-virt: add --private-users switch to check if a userns is active
Various things don't work when we're running in a user namespace, but it's
pretty hard to reliably detect if that is true.
A function is added which looks at /proc/self/uid_map and returns false
if the default "0 0 UINT32_MAX" is found, and true if it finds anything else.
This misses the case where an 1:1 mapping with the full range was used, but
I don't know how to distinguish this case.
'systemd-detect-virt --private-users' is very similar to
'systemd-detect-virt --chroot', but we check for a user namespace instead.
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd-detect-virt.xml | 16 | ||||
| -rw-r--r-- | man/systemd.unit.xml | 3 |
2 files changed, 16 insertions, 3 deletions
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml index 61a5f8937f..996c2fa256 100644 --- a/man/systemd-detect-virt.xml +++ b/man/systemd-detect-virt.xml @@ -50,7 +50,8 @@ <refsynopsisdiv> <cmdsynopsis> - <command>systemd-detect-virt <arg choice="opt" rep="repeat">OPTIONS</arg></command> + <command>systemd-detect-virt</command> + <arg choice="opt" rep="repeat">OPTIONS</arg> </cmdsynopsis> </refsynopsisdiv> @@ -218,6 +219,16 @@ </varlistentry> <varlistentry> + <term><option>--private-users</option></term> + + <listitem><para>Detect whether invoked in a user namespace. In this mode, no + output is written, but the return value indicates whether the process was invoked + inside of a user namespace or not. See + <citerefentry project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry> + for more information.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>-q</option></term> <term><option>--quiet</option></term> @@ -243,7 +254,8 @@ <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry> + <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>, + <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry> </para> </refsect1> diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 04efee2891..40c4cfd854 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -908,7 +908,8 @@ <varname>systemd-nspawn</varname>, <varname>docker</varname>, <varname>rkt</varname> to test - against a specific implementation. See + against a specific implementation, or + <varname>private-users</varname> to check whether we are running in a user namespace. See <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry> for a full list of known virtualization technologies and their identifiers. If multiple virtualization technologies are |