-rw-r--r--man/systemd.unit.xml19
-rw-r--r--src/detect-virt.c3
-rw-r--r--src/util.c51
3 files changed, 62 insertions, 11 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index f4764f9557..9066e66cc2 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -746,18 +746,22 @@
whether it is a specific
implementation. Takes either boolean
value to check if being executed in
- any virtual environment or one of the
+ any virtual environment or one of
<varname>qemu</varname>,
<varname>kvm</varname>,
<varname>vmware</varname>,
<varname>microsoft</varname>,
<varname>oracle</varname>,
<varname>xen</varname>,
- <varname>pidns</varname>,
- <varname>openvz</varname> to test
- against a specific implementation. The
- test may be negated by prepending an
- exclamation mark.
+ <varname>openvz</varname>,
+ <varname>lxc</varname>,
+ <varname>systemd-nspawn</varname>,
+ <varname>pidns</varname> to test
+ against a specific implementation. If
+ multiple virtualization technologies
+ are nested only the innermost is
+ considered. The test may be negated by
+ prepending an exclamation mark.
<varname>ConditionSecurity=</varname>
may be used to check whether the given
security module is enabled on the
@@ -788,7 +792,8 @@
pipe symbol must be passed first, the
exclamation second. Except for
<varname>ConditionPathIsSymbolicLink=</varname>,
- all path checks follow symlinks.</para></listitem>
+ all path checks follow
+ symlinks.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/detect-virt.c b/src/detect-virt.c
index 57f0176668..324f182c7e 100644
--- a/src/detect-virt.c
+++ b/src/detect-virt.c
@@ -34,7 +34,8 @@ int main(int argc, char *argv[]) {
* to detect whether we are being run in a virtualized
* environment or not */
- if ((r = detect_virtualization(&id)) < 0) {
+ r = detect_virtualization(&id);
+ if (r < 0) {
log_error("Failed to check for virtualization: %s", strerror(-r));
return EXIT_FAILURE;
}
diff --git a/src/util.c b/src/util.c
index 36c8938c2f..33b6fd4809 100644
--- a/src/util.c
+++ b/src/util.c
@@ -4384,7 +4384,7 @@ int detect_vm(const char **id) {
if (hypervisor) {
if (id)
- *id = "other";
+ *id = "other-vm";
return 1;
}
@@ -4421,7 +4421,51 @@ int detect_container(const char **id) {
return 1;
}
- if ((f = fopen("/proc/self/cgroup", "re"))) {
+ f = fopen("/proc/1/environ", "re");
+ if (f) {
+ bool done = false;
+
+ do {
+ char line[LINE_MAX];
+ unsigned i;
+
+ for (i = 0; i < sizeof(line)-1; i++) {
+ int c;
+
+ c = getc(f);
+ if (_unlikely_(c == EOF)) {
+ done = true;
+ break;
+ } else if (c == 0)
+ break;
+
+ line[i] = c;
+ }
+ line[i] = 0;
+
+ if (streq(line, "container=lxc")) {
+ fclose(f);
+ *id = "lxc";
+ return 1;
+
+ } else if (streq(line, "container=systemd-nspawn")) {
+ fclose(f);
+ *id = "systemd-nspawn";
+ return 1;
+
+ } else if (startswith(line, "container=")) {
+ fclose(f);
+ *id = "other-container";
+ return 1;
+ }
+
+ } while (!done);
+
+ fclose(f);
+ }
+
+ f = fopen("/proc/self/cgroup", "re");
+ if (f) {
for (;;) {
char line[LINE_MAX], *p;
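Review bot: The three new stores in the `/proc/1/environ` branch (`*id = "lxc";`, `*id = "systemd-nspawn";`, `*id = "other-container";`) write through `id` without a NULL check, while `detect_vm()` in this same diff guards its store with `if (id)`; a caller passing NULL to `detect_container()` would crash on these paths, so each should read like `if (id) *id = "lxc";`. Separately, the byte loop cuts an entry at `sizeof(line)-1` and then parses the remainder as a fresh entry, so the tail of an over-long variable that happens to begin with `container=` would be matched as if it were its own variable; after a truncation the reader should discard bytes up to the next NUL before comparing again. Since this result feeds `ConditionVirtualization=`, a short comment stating that the `container=` value is taken on trust from PID 1's environment would also help the next reader. `detect_container()` begins and ends outside this hunk, so whether its earlier branches guard `id` is not visible here.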
@@ -4429,7 +4473,8 @@ int detect_container(const char **id) {
if (!fgets(line, sizeof(line), f))
break;
- if (!(p = strchr(strstrip(line), ':')))
+ p = strchr(strstrip(line), ':');
+ if (!p)
continue;
if (strncmp(p, ":ns:", 4))