virt: when detecting containers and /run/systemd/container cannot be read, check /proc/1/environ
This way, we should be in a slightly better situation if a container is booted up with only a shell as PID 1. In that case /run/systemd/container will not be populated, and a check for it is hence ineffective. Checking /proc/1/environ doesn't fully fix the problem though, as the file is only accessible with privileges. This means that if PID 1 is not systemd and privileges have been dropped, container detection will continue to fail.
parent a644abed54
commit 536bfdab4c
@ -293,8 +293,26 @@ int detect_container(const char **id) {
r = read_one_line_file("/run/systemd/container", &m);
if (r == -ENOENT) {
r = 0;
goto finish;
/* Fallback for cases where PID 1 was not
* systemd (for example, cases where
* init=/bin/sh is used. */
r = getenv_for_pid(1, "container", &m);
if (r <= 0) {
/* If that didn't work, give up,
* assume no container manager.
*
* Note: This means we still cannot
* detect containers if init=/bin/sh
* is passed but privileges dropped,
* as /proc/1/environ is only readable
* with privileges. */
r = 0;
goto finish;
}
}
if (r < 0)
return r;
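Review bot: the `if (r <= 0)` check after `r = getenv_for_pid(1, "container", &m);` folds a real read failure (such as a permission error on /proc/1/environ once privileges have been dropped, the very case the comment describes) into the same `r = 0; goto finish;` outcome as a genuine "variable not set", so the caller receives a confident "no container" answer with no way to tell the two apart; consider handling `r < 0` separately, at least by logging it at debug level before falling back to `r = 0`, so the silent failure mode the comment documents is diagnosable in the field. Minor: the comment `/* Fallback for cases where PID 1 was not * systemd (for example, cases where * init=/bin/sh is used. */` never closes its parenthesis.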