From 299a34c11a4241f8c5832ccd5a7bc13263f8488b Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Thu, 20 Oct 2016 23:41:21 -0400 Subject: detect-virt: add --private-users switch to check if a userns is active Various things don't work when we're running in a user namespace, but it's pretty hard to reliably detect if that is true. A function is added which looks at /proc/self/uid_map and returns false if the default "0 0 UINT32_MAX" is found, and true if it finds anything else. This misses the case where an 1:1 mapping with the full range was used, but I don't know how to distinguish this case. 'systemd-detect-virt --private-users' is very similar to 'systemd-detect-virt --chroot', but we check for a user namespace instead. --- man/systemd-detect-virt.xml | 16 ++++++++++++++-- man/systemd.unit.xml | 3 ++- 2 files changed, 16 insertions(+), 3 deletions(-) (limited to 'man') diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml index 61a5f8937f..996c2fa256 100644 --- a/man/systemd-detect-virt.xml +++ b/man/systemd-detect-virt.xml @@ -50,7 +50,8 @@ - systemd-detect-virt OPTIONS + systemd-detect-virt + OPTIONS @@ -217,6 +218,16 @@ environment or not. + + + + Detect whether invoked in a user namespace. In this mode, no + output is written, but the return value indicates whether the process was invoked + inside of a user namespace or not. See + user_namespaces7 + for more information. + + @@ -243,7 +254,8 @@ systemd1, systemd-nspawn1, - chroot2 + chroot2, + namespaces7 diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml index 04efee2891..40c4cfd854 100644 --- a/man/systemd.unit.xml +++ b/man/systemd.unit.xml 
@@ -908,7 +908,8 @@ systemd-nspawn, docker, rkt to test - against a specific implementation. See + against a specific implementation, or + private-users to check whether we are running in a user namespace. See systemd-detect-virt1 for a full list of known virtualization technologies and their identifiers. If multiple virtualization technologies are -- cgit v1.2.3-54-g00ecf
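Review bot: In the new option entry in man/systemd-detect-virt.xml (hunk @@ -217,6 +218,16 @@), the text promises that the return value indicates whether the process was invoked inside a user namespace, but the commit message says the check reads /proc/self/uid_map and misses a 1:1 mapping over the full range. Please document that limitation in the option description, so that callers who gate behaviour on the result know a negative answer is not conclusive. The sentence also leaves implicit which exit status means "inside a user namespace"; stating it would help script authors.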
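Review bot: The See Also hunk in man/systemd-detect-virt.xml (@@ -243,7 +254,8 @@) adds namespaces(7), while the new option text refers readers to user_namespaces(7). Pointing both at user_namespaces(7), or listing both pages in See Also, would keep the cross-references consistent.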
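Review bot: In man/systemd.unit.xml (hunk @@ -908,7 +908,8 @@), private-users is appended to a sentence about testing "against a specific implementation" and is followed by a pointer to the list of "known virtualization technologies and their identifiers", although it checks for a user namespace rather than naming a virtualization technology. Consider giving it its own sentence, worded in the third person rather than "whether we are running", and repeating the caveat from the commit message that a full-range 1:1 mapping is not detected, since unit authors may rely on this condition.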