From fdd25311706bd32580ec4d43211cdf4665d2f9de Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 May 2014 18:37:11 +0800
Subject: virt: rework container detection logic

Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.

Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
---
 Makefile.am | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'Makefile.am')

diff --git a/Makefile.am b/Makefile.am
index 5b26bc3cee..f66ef4275b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1798,9 +1798,6 @@ systemd_detect_virt_SOURCES = \
 systemd_detect_virt_LDADD = \
 	libsystemd-shared.la
 
-systemd-detect-virt-install-hook:
-	-$(SETCAP) cap_dac_override,cap_sys_ptrace=ep $(DESTDIR)$(bindir)/systemd-detect-virt
-
 INSTALL_EXEC_HOOKS += \
 	systemd-detect-virt-install-hook
 
-- 
cgit v1.2.3-54-g00ecf