virt: when detecting containers and /run/systemd/container cannot be read, check /proc/1/environ

This way, we should be in a slightly better situation if a container is booted up with only a shell as PID 1. In that case /run/systemd/container will not be populated, and a check for it hence be ineffective. Checking /proc/1/environ doesn't fully fix the problem though, as the file is only accessible with privileges. This means if PID 1 is not systemd, and if privileges have been dropped the container detection will continue to fail.
2014-12-10 13:23:49 +01:00 · 2014-12-10 13:23:49 +01:00 · 536bfdab4c
parent a644abed54
commit 536bfdab4c
1 changed files with 20 additions and 2 deletions
--- a/src/shared/virt.c
+++ b/src/shared/virt.c
@ -293,8 +293,26 @@ int detect_container(const char **id) {

                r = read_one_line_file("/run/systemd/container", &m);
                if (r == -ENOENT) {
-                        r = 0;
-                        goto finish;
+
+                        /* Fallback for cases where PID 1 was not
+                         * systemd (for example, cases where
+                         * init=/bin/sh is used. */
+
+                        r = getenv_for_pid(1, "container", &m);
+                        if (r <= 0) {
+
+                                /* If that didn't work, give up,
+                                 * assume no container manager.
+                                 *
+                                 * Note: This means we still cannot
+                                 * detect containers if init=/bin/sh
+                                 * is passed but privileges dropped,
+                                 * as /proc/1/environ is only readable
+                                 * with privileges. */
+
+                                r = 0;
+                                goto finish;
+                        }
                }
                if (r < 0)
                        return r;