From 65bc2c21140d20e757b0aed9bb23286939426abb Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Fri, 23 Sep 2011 04:38:39 +0200
Subject: util: detect systemd-nspawn without relying on ns cgroup tree
---
 man/systemd.unit.xml | 19 ++++++++++++-------
 src/detect-virt.c | 3 ++-
 src/util.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 62 insertions(+), 11 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index f4764f9557..9066e66cc2 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -746,18 +746,22 @@
 whether it is a specific implementation. Takes either boolean value to check if being executed in
- any virtual environment or one of the
+ any virtual environment or one of
 qemu, kvm, vmware, microsoft, oracle, xen,
- pidns,
- openvz to test
- against a specific implementation. The
- test may be negated by prepending an
- exclamation mark.
+ openvz,
+ lxc,
+ systemd-nspawn,
+ pidns to test
+ against a specific implementation. If
+ multiple virtualization technologies
+ are nested only the innermost is
+ considered. The test may be negated by
+ prepending an exclamation mark.
 ConditionSecurity= may be used to check whether the given security module is enabled on the
@@ -788,7 +792,8 @@
 pipe symbol must be passed first, the exclamation second. Except for ConditionPathIsSymbolicLink=,
- all path checks follow symlinks.
+ all path checks follow
+ symlinks.
diff --git a/src/detect-virt.c b/src/detect-virt.c
index 57f0176668..324f182c7e 100644
--- a/src/detect-virt.c
+++ b/src/detect-virt.c
@@ -34,7 +34,8 @@ int main(int argc, char *argv[]) {
 * to detect whether we are being run in a virtualized
 * environment or not */
- if ((r = detect_virtualization(&id)) < 0) {
+ r = detect_virtualization(&id);
+ if (r < 0) {
 log_error("Failed to check for virtualization: %s", strerror(-r));
 return EXIT_FAILURE;
 }
diff --git a/src/util.c b/src/util.c
index 36c8938c2f..33b6fd4809 100644
--- a/src/util.c
+++ b/src/util.c
@@ -4384,7 +4384,7 @@ int detect_vm(const char **id) {
 if (hypervisor) {
 if (id)
- *id = "other";
+ *id = "other-vm";
 return 1;
 }
@@ -4421,7 +4421,51 @@ int detect_container(const char **id) {
 return 1;
 }
- if ((f = fopen("/proc/self/cgroup", "re"))) {
+ f = fopen("/proc/1/environ", "re");
+ if (f) {
+ bool done = false;
+
+ do {
+ char line[LINE_MAX];
+ unsigned i;
+
+ for (i = 0; i < sizeof(line)-1; i++) {
+ int c;
+
+ c = getc(f);
+ if (_unlikely_(c == EOF)) {
+ done = true;
+ break;
+ } else if (c == 0)
+ break;
+
+ line[i] = c;
+ }
+ line[i] = 0;
+
+ if (streq(line, "container=lxc")) {
+ fclose(f);
+ *id = "lxc";
+ return 1;
+
+ } else if (streq(line, "container=systemd-nspawn")) {
+ fclose(f);
+ *id = "systemd-nspawn";
+ return 1;
+
+ } else if (startswith(line, "container=")) {
+ fclose(f);
+ *id = "other-container";
+ return 1;
+ }
+
+ } while (!done);
+
+ fclose(f);
+ }
+
+ f = fopen("/proc/self/cgroup", "re");
+ if (f) {
 for (;;) {
 char line[LINE_MAX], *p;
@@ -4429,7 +4473,8 @@ int detect_container(const char **id) {
 if (!fgets(line, sizeof(line), f))
 break;
- if (!(p = strchr(strstrip(line), ':')))
+ p = strchr(strstrip(line), ':');
+ if (!p)
 continue;
 if (strncmp(p, ":ns:", 4))
-- 
cgit v1.2.3-54-g00ecf
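Review bot: In the new `/proc/1/environ` block of detect_container() (the `@@ -4421` hunk in src/util.c), all three match branches store through `*id` without checking it, while detect_vm() in the hunk above guards the same store with `if (id)`. If any caller passes NULL because it only wants the yes/no result (callers are not visible here), this is a NULL dereference; each store should read `if (id) *id = "lxc";`, and likewise for the other two names. Separately, an environment entry longer than `LINE_MAX-1` bytes is cut at the buffer boundary and its remainder is then compared as though it began a new variable, so the tail of a long value can be taken for a `container=` marker. When the inner loop ends because the buffer is full rather than on NUL or EOF, the rest of that entry up to the next NUL should be read and discarded before the comparison runs again. The function begins and ends outside this hunk, so the earlier return paths were not reviewed.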