From c00066735ed5381d2dfe166d27f1dfa55a3598fb Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 10 Dec 2014 13:23:49 +0100
Subject: [PATCH] virt: when detecting containers and /run/systemd/container
cannot be read, check /proc/1/environ
This way, we should be in a slightly better situation if a container is
booted up with only a shell as PID 1. In that case
/run/systemd/container will not be populated, and a check for it will
hence be ineffective.
Checking /proc/1/environ doesn't fully fix the problem though, as the
file is only accessible with privileges. This means if PID 1 is not
systemd, and if privileges have been dropped the container detection
will continue to fail.
(cherry picked from commit 536bfdab4cca38916ec8b112a6f80b0c068cc806)
---
src/shared/virt.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
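diff --git a/src/shared/virt.c b/src/shared/virt.c
index f9c4e67c74..f10baab40b 100644
--- a/src/shared/virt.c
+++ b/src/shared/virt.c
@@ -293,8 +293,26 @@ int detect_container(const char **id) {
 
 r = read_one_line_file("/run/systemd/container", &m);
 if (r == -ENOENT) {
- r = 0;
- goto finish;
+
+ /* Fallback for cases where PID 1 was not
+ * systemd (for example, cases where
+ * init=/bin/sh is used. */
+
+ r = getenv_for_pid(1, "container", &m);
+ if (r <= 0) {
+
+ /* If that didn't work, give up,
+ * assume no container manager.
+ *
+ * Note: This means we still cannot
+ * detect containers if init=/bin/sh
+ * is passed but privileges dropped,
+ * as /proc/1/environ is only readable
+ * with privileges. */
+
+ r = 0;
+ goto finish;
+ }
 }
 if (r < 0)
 return r;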
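Review bot: In the new fallback, every negative return from `getenv_for_pid()` — including the access error when /proc/1/environ is not readable without privileges — is folded into `r = 0` by the `if (r <= 0)` branch, so the caller receives "no container" and cannot distinguish "could not determine" from "not a container", and nothing records that detection ran degraded. The comment acknowledges this limitation, but the code leaves no trace at runtime; I would log the error before discarding it, e.g. `if (r < 0) log_debug("Failed to read container variable from PID 1 environment, assuming no container: %s", strerror(-r));` placed inside the `r <= 0` branch ahead of `r = 0;`. The first added comment also leaves its parenthetical unclosed; it should read `(for example, cases where init=/bin/sh is used.)`. The body of detect_container() begins and ends outside this hunk, so how `m` is consumed after the `if (r < 0)` check is not visible here.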