author | Lennart Poettering <lennart@poettering.net> | 2022-12-22 17:57:56 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-12-23 00:46:41 +0100 |
commit | 13b99dccb7617756626f93c102aefff99a964436 (patch) | |
tree | 6e28922f949d05af9139f1b9cd7c313cc765bd97 | |
parent | 21c8d750cd72dd847e2b5051395560629fbdecbb (diff) | |
import-creds: don't try to import VM creds in a container
If we run in a container we shouldn't try to import creds passed in from
a VMM, as they are not for us, but for the VM itself.
-rw-r--r-- | src/core/import-creds.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/core/import-creds.c b/src/core/import-creds.c
index 0bcd407e68..1f5a15f73b 100644
--- a/src/core/import-creds.c
+++ b/src/core/import-creds.c
@@ -20,6 +20,7 @@
 #include "proc-cmdline.h"
 #include "recurse-dir.h"
 #include "strv.h"
+#include "virt.h"

 /* This imports credentials passed in from environments higher up (VM manager, boot loader, …) and rearranges
 * them so that later code can access them using our regular credential protocol
@@ -370,6 +371,9 @@ static int import_credentials_qemu(ImportCredentialContext *c) {

 assert(c);

+ if (detect_container() > 0) /* don't access /sys/ in a container */
+ return 0;
+
 source_dir_fd = open(QEMU_FWCFG_PATH, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
 if (source_dir_fd < 0) {
 if (errno == ENOENT) {
@@ -561,6 +565,9 @@ static int import_credentials_smbios(ImportCredentialContext *c) {

 /* Parses DMI OEM strings fields (SMBIOS type 11), as settable with qemu's -smbios type=11,value=… switch. */

+ if (detect_container() > 0) /* don't access /sys/ in a container */
+ return 0;
+
 for (unsigned i = 0;; i++) {
 struct dmi_field_header {
 uint8_t type; |
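Review bot: In import_credentials_qemu() the new guard `if (detect_container() > 0)` treats a negative (error) return the same as "not a container", so when detection fails inside a container the function still goes on to open QEMU_FWCFG_PATH and may import credentials that the commit message says are meant for the VM. The identical guard added to import_credentials_smbios() has the same gap. Consider keeping the result and at least logging the failure so the fail-open path is visible, e.g. `r = detect_container(); if (r < 0) log_debug_errno(r, "Failed to detect container, assuming none: %m"); else if (r > 0) return 0;`. This presumes an `int r` is in scope, which cannot be confirmed here because both function bodies start and end outside the hunks. The inline comment could also state the reason rather than the mechanism, e.g. `/* VMM-provided credentials are for the VM, not for a container running inside it */`.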