[systemd-devel] [PATCH] virt: fix container detection when we're not PID 1

Jan Synacek jsynacek at redhat.com
Wed Dec 10 04:52:08 PST 2014


Lennart Poettering <lennart at poettering.net> writes:
> On Wed, 10.12.14 09:21, Jan Synacek (jsynacek at redhat.com) wrote:
>
>> systemd-detect-virt would print "none" when using nspawn to run a shell
>> inside a container and then running systemd-detect-virt in it, because
>> the shell would be PID 1, not the actual systemd-detect-virt
>> process.
>
> So, previously the code read the env var directly from
> /proc/1/environ, but that file is only readable with privs, hence I
> added code to PID 1 to write the value of that env var to
> /run/systemd/container which is readable without privs. Now, if you
> run a shell as PID 1 that will obviously not happen and the detection
> won't work after all. 
>
> Simply relying that $container is inherited from PID 1 down is
> something I'd really like to avoid, though.

Could you please explain why? I don't see why that might be a problem.

> I have now made a change to the code that falls back to
> getenv_for_pid() if /run/systemd/container does not exist. This will
> only be effective with perms however. The new code hence still isn't
> perfect: if you boot up with only a shell as PID 1 and drop privileges
> the code will still not be able to detect the container manager. Not
> sure what other option we have, though.

Thanks!

-- 
Jan Synacek
Software Engineer, Red Hat
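The lookup order Lennart describes above (read /run/systemd/container written by PID 1, otherwise fall back to PID 1's environment, which only works with privileges), as an added Python illustration that is not systemd's own C code: the paths are parameters so it can be exercised on constructed files, and an unreadable environ yields "unknown" rather than "none", which is the failure mode the thread discusses.

```python
from pathlib import Path

# Constructed example mirroring the detection order from the thread:
# 1. /run/systemd/container, written by systemd running as PID 1 (readable
#    without privileges);
# 2. the $container variable in PID 1's environment (readable only with
#    privileges);
# 3. "unknown" if neither source could be read, "none" if PID 1's environ
#    was readable but had no $container set.

def container_from_environ(environ_path):
    """Return $container from a /proc/<pid>/environ-style file.

    Returns the value, "" if the variable is unset, or None if the file
    could not be read (the unprivileged case described in the thread).
    """
    try:
        data = Path(environ_path).read_bytes()
    except (PermissionError, FileNotFoundError):
        return None
    # /proc/<pid>/environ is a NUL-separated list of KEY=VALUE entries.
    for entry in data.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key == b"container":
            return value.decode("utf-8", "replace")
    return ""

def detect_container(run_path="/run/systemd/container",
                     environ_path="/proc/1/environ"):
    """Mimic the fallback logic: PID 1's file first, then PID 1's environ."""
    try:
        value = Path(run_path).read_text().strip()
        return value or "none"
    except FileNotFoundError:
        pass  # PID 1 did not write the file (e.g. a plain shell is PID 1)
    value = container_from_environ(environ_path)
    if value is None:
        return "unknown"  # environ of PID 1 not readable without privileges
    return value or "none"
```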