2 files changed, 44 insertions, 10 deletions
diff --git a/src/grp-initprogs/systemd-detect-virt/detect-virt.c b/src/grp-initprogs/systemd-detect-virt/detect-virt.c
index 80f4f72fab..484f689c4c 100644
--- a/src/grp-initprogs/systemd-detect-virt/detect-virt.c
+++ b/src/grp-initprogs/systemd-detect-virt/detect-virt.c
@@ -31,6 +31,7 @@ static enum {
         ONLY_VM,
         ONLY_CONTAINER,
         ONLY_CHROOT,
+        ONLY_PRIVATE_USERS,
 } arg_mode = ANY_VIRTUALIZATION;
 
 static void help(void) {
@@ -41,6 +42,7 @@ static void help(void) {
                "  -c --container        Only detect whether we are run in a container\n"
                "  -v --vm               Only detect whether we are run in a VM\n"
                "  -r --chroot           Detect whether we are run in a chroot() environment\n"
+               "     --private-users    Only detect whether we are running in a user namespace\n"
                "  -q --quiet            Don't output anything, just set return value\n"
                , program_invocation_short_name);
 }
@@ -48,16 +50,18 @@ static void help(void) {
 static int parse_argv(int argc, char *argv[]) {
 
         enum {
-                ARG_VERSION = 0x100
+                ARG_VERSION = 0x100,
+                ARG_PRIVATE_USERS,
         };
 
         static const struct option options[] = {
-                { "help",      no_argument,       NULL, 'h'           },
-                { "version",   no_argument,       NULL, ARG_VERSION   },
-                { "container", no_argument,       NULL, 'c'           },
-                { "vm",        no_argument,       NULL, 'v'           },
-                { "chroot",    no_argument,       NULL, 'r'           },
-                { "quiet",     no_argument,       NULL, 'q'           },
+                { "help",          no_argument, NULL, 'h'               },
+                { "version",       no_argument, NULL, ARG_VERSION       },
+                { "container",     no_argument, NULL, 'c'               },
+                { "vm",            no_argument, NULL, 'v'               },
+                { "chroot",        no_argument, NULL, 'r'               },
+                { "private-users", no_argument, NULL, ARG_PRIVATE_USERS },
+                { "quiet",         no_argument, NULL, 'q'               },
                 {}
         };
 
@@ -85,6 +89,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_mode = ONLY_CONTAINER;
                         break;
 
+                case ARG_PRIVATE_USERS:
+                        arg_mode = ONLY_PRIVATE_USERS;
+                        break;
+
                 case 'v':
                         arg_mode = ONLY_VM;
                         break;
@@ -151,6 +159,15 @@ int main(int argc, char *argv[]) {
 
                 return r ? EXIT_SUCCESS : EXIT_FAILURE;
 
+        case ONLY_PRIVATE_USERS:
+                r = running_in_userns();
+                if (r < 0) {
+                        log_error_errno(r, "Failed to check for user namespace: %m");
+                        return EXIT_FAILURE;
+                }
+
+                return r ? EXIT_SUCCESS : EXIT_FAILURE;
+
         case ANY_VIRTUALIZATION:
         default:
                 r = detect_virtualization();
diff --git a/src/grp-initprogs/systemd-detect-virt/systemd-detect-virt.xml b/src/grp-initprogs/systemd-detect-virt/systemd-detect-virt.xml
index 2b7f4e69ab..996c2fa256 100644
--- a/src/grp-initprogs/systemd-detect-virt/systemd-detect-virt.xml
+++ b/src/grp-initprogs/systemd-detect-virt/systemd-detect-virt.xml
@@ -50,7 +50,8 @@
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>systemd-detect-virt <arg choice="opt" rep="repeat">OPTIONS</arg></command>
+      <command>systemd-detect-virt</command>
+      <arg choice="opt" rep="repeat">OPTIONS</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -88,7 +89,7 @@
         </thead>
         <tbody>
           <row>
-            <entry valign="top" morerows="9">VM</entry>
+            <entry valign="top" morerows="10">VM</entry>
             <entry><varname>qemu</varname></entry>
             <entry>QEMU software virtualization</entry>
           </row>
@@ -138,6 +139,11 @@
             <entry>Parallels Desktop, Parallels Server</entry>
           </row>
 
+           <row>
+            <entry><varname>bhyve</varname></entry>
+            <entry>bhyve, FreeBSD hypervisor</entry>
+          </row>
+
           <row>
             <entry valign="top" morerows="5">Container</entry>
             <entry><varname>openvz</varname></entry>
@@ -213,6 +219,16 @@
       </varlistentry>
 
       <varlistentry>
+        <term><option>--private-users</option></term>
+
+        <listitem><para>Detect whether invoked in a user namespace.  In this mode, no
+        output is written, but the return value indicates whether the process was invoked
+        inside of a user namespace or not. See
+        <citerefentry project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+        for more information.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>-q</option></term>
         <term><option>--quiet</option></term>
 
@@ -238,7 +254,8 @@
     <para>
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>
     </para>
   </refsect1>