[systemd-devel] [PATCH] virt: fix container detection when we're not PID 1

Jan Synacek jsynacek at redhat.com
Wed Dec 10 04:52:08 PST 2014

Lennart Poettering <lennart at poettering.net> writes:
> On Wed, 10.12.14 09:21, Jan Synacek (jsynacek at redhat.com) wrote:
>> systemd-detect-virt would print "none" when using nspawn to run a shell
>> inside a container and then running systemd-detect-virt in it, because
>> the shell would be PID 1, not the actuall systemd-detect-virt
>> process.
> So, previously the code read the env var directly from
> /proc/1/environ, but that file is only readable with privs, hence I
> added code to PID 1 to write the value of that env var to
> /run/systemd/container which is readable without privs. Now, if you
> run a shell as PID 1 that will obviously not happen and the detection
> won't work after all. 
> Simply relying that $container is inherited from PID 1 down is
> something I'd really like to avoid, though.

Could you please explain why? I don't see why that might be a problem.

> I have now made a change to the code that falls back to
> getenv_for_pid() if /rub/systemd/container does not exist. THis will
> only be ffective with perms however. The new code hence still isn't
> perfect: if you boot up with only a shell as PID 1 and drop privileges
> the code will still not be able to detect the container manager. Not
> sure what other option we have, though.


Jan Synacek
Software Engineer, Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20141210/8e43b3f5/attachment.sig>

More information about the systemd-devel mailing list