From fdd25311706bd32580ec4d43211cdf4665d2f9de Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 28 May 2014 18:37:11 +0800 Subject: virt: rework container detection logic Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less. --- src/core/main.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/core') diff --git a/src/core/main.c b/src/core/main.c index 77cc2fbbdd..d5d1ee2b0c 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1261,6 +1261,16 @@ static int status_welcome(void) { isempty(pretty_name) ? "Linux" : pretty_name); } +static int write_container_id(void) { + const char *c; + + c = getenv("container"); + if (isempty(c)) + return 0; + + return write_string_file("/run/systemd/container", c); +} + int main(int argc, char *argv[]) { Manager *m = NULL; int r, retval = EXIT_FAILURE; @@ -1544,6 +1554,8 @@ int main(int argc, char *argv[]) { if (virtualization) log_info("Detected virtualization '%s'.", virtualization); + write_container_id(); + log_info("Detected architecture '%s'.", architecture_to_string(uname_architecture())); if (in_initrd()) -- cgit v1.2.3-54-g00ecf