|
 |
8be66a |
From 2f584bd93d64a75ab11b5a5aa31d0b7145da5a86 Mon Sep 17 00:00:00 2001
|
|
|
8be66a |
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
|
8be66a |
Date: Fri, 26 Apr 2019 13:37:31 +0200
|
|
|
8be66a |
Subject: [PATCH] basic/virt: try the /proc/1/sched hack also for PID1
|
|
|
8be66a |
|
|
|
8be66a |
If a container manager does not set $container, we could end up
|
|
|
8be66a |
in a strange situation when detect-virt returns container-other when
|
|
|
8be66a |
run as non-pid-1 and none when run as pid-1.
|
|
|
8be66a |
|
|
|
8be66a |
(cherry picked from commit 342bed02084c4396dd2f1054bd559bfb2699cfcb)
|
|
|
8be66a |
Resolves: #1868877
|
|
|
8be66a |
---
|
|
|
8be66a |
src/basic/virt.c | 16 +++++++++++-----
|
|
|
8be66a |
1 file changed, 11 insertions(+), 5 deletions(-)
|
|
|
8be66a |
|
|
|
8be66a |
diff --git a/src/basic/virt.c b/src/basic/virt.c
|
|
|
8be66a |
index e05b3e6d99..dfa1525219 100644
|
|
|
8be66a |
--- a/src/basic/virt.c
|
|
|
8be66a |
+++ b/src/basic/virt.c
|
|
|
8be66a |
@@ -427,7 +427,6 @@ finish:
|
|
|
8be66a |
}
|
|
|
8be66a |
|
|
|
8be66a |
int detect_container(void) {
|
|
|
8be66a |
-
|
|
|
8be66a |
static const struct {
|
|
|
8be66a |
const char *value;
|
|
|
8be66a |
int id;
|
|
|
8be66a |
@@ -456,9 +455,15 @@ int detect_container(void) {
|
|
|
8be66a |
}
|
|
|
8be66a |
|
|
|
8be66a |
if (getpid_cached() == 1) {
|
|
|
8be66a |
- /* If we are PID 1 we can just check our own environment variable, and that's authoritative. */
|
|
|
8be66a |
-
|
|
|
8be66a |
+ /* If we are PID 1 we can just check our own environment variable, and that's authoritative.
|
|
|
8be66a |
+ * We distinguish three cases:
|
|
|
8be66a |
+ * - the variable is not defined → we jump to other checks
|
|
|
8be66a |
+ * - the variable is defined to an empty value → we are not in a container
|
|
|
8be66a |
+ * - anything else → some container, either one of the known ones or "container-other"
|
|
|
8be66a |
+ */
|
|
|
8be66a |
e = getenv("container");
|
|
|
8be66a |
+ if (!e)
|
|
|
8be66a |
+ goto check_sched;
|
|
|
8be66a |
if (isempty(e)) {
|
|
|
8be66a |
r = VIRTUALIZATION_NONE;
|
|
|
8be66a |
goto finish;
|
|
|
8be66a |
@@ -486,8 +491,9 @@ int detect_container(void) {
|
|
|
8be66a |
if (r < 0) /* This only works if we have CAP_SYS_PTRACE, hence let's better ignore failures here */
|
|
|
8be66a |
log_debug_errno(r, "Failed to read $container of PID 1, ignoring: %m");
|
|
|
8be66a |
|
|
|
8be66a |
- /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. Hence, if the PID shown
|
|
|
8be66a |
- * there is not 1, we know we are in a PID namespace. and hence a container. */
|
|
|
8be66a |
+ /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. If the PID
|
|
|
8be66a |
+ * shown there is not 1, we know we are in a PID namespace and hence a container. */
|
|
|
8be66a |
+ check_sched:
|
|
|
8be66a |
r = read_one_line_file("/proc/1/sched", &m);
|
|
|
8be66a |
if (r >= 0) {
|
|
|
8be66a |
const char *t;
|