-rw-r--r-- | man/systemd.unit.xml | 19 | ||||
-rw-r--r-- | src/detect-virt.c | 3 | ||||
-rw-r--r-- | src/util.c | 51 |
3 files changed, 62 insertions, 11 deletions
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index f4764f9557..9066e66cc2 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml @@ -746,18 +746,22 @@ whether it is a specific implementation. Takes either boolean value to check if being executed in - any virtual environment or one of the + any virtual environment or one of <varname>qemu</varname>, <varname>kvm</varname>, <varname>vmware</varname>, <varname>microsoft</varname>, <varname>oracle</varname>, <varname>xen</varname>, - <varname>pidns</varname>, - <varname>openvz</varname> to test - against a specific implementation. The - test may be negated by prepending an - exclamation mark. + <varname>openvz</varname>, + <varname>lxc</varname>, + <varname>systemd-nspawn</varname>, + <varname>pidns</varname> to test + against a specific implementation. If + multiple virtualization technologies + are nested only the innermost is + considered. The test may be negated by + prepending an exclamation mark. <varname>ConditionSecurity=</varname> may be used to check whether the given security module is enabled on the @@ -788,7 +792,8 @@ pipe symbol must be passed first, the exclamation second. Except for <varname>ConditionPathIsSymbolicLink=</varname>, - all path checks follow symlinks.</para></listitem> + all path checks follow + symlinks.</para></listitem> </varlistentry> <varlistentry> diff --git a/src/detect-virt.c b/src/detect-virt.c index 57f0176668..324f182c7e 100644 --- a/src/detect-virt.c +++ b/src/detect-virt.c @@ -34,7 +34,8 @@ int main(int argc, char *argv[]) { * to detect whether we are being run in a virtualized * environment or not */ - if ((r = detect_virtualization(&id)) < 0) { + r = detect_virtualization(&id); + if (r < 0) { log_error("Failed to check for virtualization: %s", strerror(-r)); return EXIT_FAILURE; } diff --git a/src/util.c b/src/util.c index 36c8938c2f..33b6fd4809 100644 --- a/src/util.c +++ b/src/util.c 
@@ -4384,7 +4384,7 @@ int detect_vm(const char **id) { if (hypervisor) { if (id) - *id = "other"; + *id = "other-vm"; return 1; } @@ -4421,7 +4421,51 @@ int detect_container(const char **id) { return 1; } - if ((f = fopen("/proc/self/cgroup", "re"))) { + f = fopen("/proc/1/environ", "re"); + if (f) { + bool done = false; + + do { + char line[LINE_MAX]; + unsigned i; + + for (i = 0; i < sizeof(line)-1; i++) { + int c; + + c = getc(f); + if (_unlikely_(c == EOF)) { + done = true; + break; + } else if (c == 0) + break; + + line[i] = c; + } + line[i] = 0; + + if (streq(line, "container=lxc")) { + fclose(f); + *id = "lxc"; + return 1; + + } else if (streq(line, "container=systemd-nspawn")) { + fclose(f); + *id = "systemd-nspawn"; + return 1; + + } else if (startswith(line, "container=")) { + fclose(f); + *id = "other-container"; + return 1; + } + + } while (!done); + + fclose(f); + } + + f = fopen("/proc/self/cgroup", "re"); + if (f) { for (;;) { char line[LINE_MAX], *p; @@ -4429,7 +4473,8 @@ int detect_container(const char **id) { if (!fgets(line, sizeof(line), f)) break; - if (!(p = strchr(strstrip(line), ':'))) + p = strchr(strstrip(line), ':'); + if (!p) continue; if (strncmp(p, ":ns:", 4)) |
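Review bot: The three new `container=` branches in the detect_container() hunk write `*id` unconditionally, while the detect_vm() hunk just above keeps its `if (id)` guard, so a caller passing NULL just to ask "am I in a container?" would dereference a null pointer here. Each assignment should be guarded the same way, e.g. `if (id) *id = "lxc";`, and likewise for `"systemd-nspawn"` and `"other-container"`. Separately, the byte loop stops at `sizeof(line)-1` and the next pass treats the rest of an over-long entry as a fresh variable, so the tail of a long value that happens to start with `container=` at the split point would be reported as a container match. Discarding bytes up to the next NUL before comparing would close that. detect_container() begins outside this hunk, so whether any caller actually passes NULL is not visible from here.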