authorLennart Poettering <lennart@poettering.net>2020-08-14 19:58:37 +0200
committerLennart Poettering <lennart@poettering.net>2020-08-20 10:17:55 +0200
commit0f48ba7b8489770629f1b951a859e719666616ce (patch)
tree56c7ad9a8ed4bcec3ac138520074c83394f308d5 /src/basic/virt.c
parent9fac502920a648d82e21b207989bfc3c00fbdebc (diff)
nspawn: provide $container and $container_uuid in /run/host too
This has the major benefit that the entire payload of the container can access these files there. Previously, we'd set them only as env vars, but that meant only PID 1 could read them directly or other privileged payload code with access to /run/1/environ.
Diffstat (limited to 'src/basic/virt.c')
-rw-r--r--src/basic/virt.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 4c2280cfd6..212b3b7039 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -491,6 +491,16 @@ int detect_container(void) {
}
}
+ /* The container manager might have placed this in the /run/host hierarchy for us, which is best
+ * because we can be consumed just like that, without special privileges. */
+ r = read_one_line_file("/run/host/container-manager", &m);
+ if (r > 0) {
+ e = m;
+ goto translate_name;
+ }
+ if (!IN_SET(r, -ENOENT, 0))
+ return log_debug_errno(r, "Failed to read /run/systemd/container: %m");
+
if (getpid_cached() == 1) {
/* If we are PID 1 we can just check our own environment variable, and that's authoritative.
* We distinguish three cases:
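Review bot: The debug message on the new error path names the wrong file: the read is of `/run/host/container-manager`, but the `log_debug_errno()` call reports `/run/systemd/container`, so a permission or I/O failure on the /run/host hierarchy would send whoever is triaging container detection to the wrong path. Suggest `return log_debug_errno(r, "Failed to read /run/host/container-manager: %m");`. Separately, when the file exists but is empty (`r == 0`) the code falls through, and `m` may already hold an allocated empty string; if a later read in detect_container() passes `&m` again, that buffer would need freeing first. That later code is outside this hunk, so this is worth confirming against the full function. detect_container()'s body starts and ends outside the hunk.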