Compare commits

..

1 Commits

Author SHA1 Message Date
Luca Boccassi a2bc7476fb detect-virt: check the inode number of the pid namespace
The indoe number of root pid namespace is hardcoded in the kernel to
0xEFFFFFFC since 3.8, so check the inode number of our pid namespace
if all else fails. If it's not 0xEFFFFFFC then we are in a pid
namespace, hence a container environment.

Fixes https://github.com/systemd/systemd/issues/35249
2024-11-21 01:18:34 +00:00
2 changed files with 13 additions and 22 deletions

View File

@ -24,10 +24,6 @@
#include "uid-range.h" #include "uid-range.h"
#include "virt.h" #include "virt.h"
/* Root namespace inode number, as per include/linux/proc_ns.h in the kernel source tree, since v3.8:
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=98f842e675f96ffac96e6c50315790912b2812be */
#define PROC_PID_INIT_INO UINT64_C(0xEFFFFFFC)
enum { enum {
SMBIOS_VM_BIT_SET, SMBIOS_VM_BIT_SET,
SMBIOS_VM_BIT_UNSET, SMBIOS_VM_BIT_UNSET,
@ -649,20 +645,6 @@ static int running_in_cgroupns(void) {
} }
} }
static int running_in_pidns(void) {
_cleanup_close_ int pidns_fd = -EBADF;
struct stat st;
pidns_fd = namespace_open_by_type(NAMESPACE_PID);
if (pidns_fd < 0)
return log_debug_errno(pidns_fd, "Failed to open PID namespace, ignoring: %m");
if (fstat(pidns_fd, &st) < 0)
return log_debug_errno(errno, "Failed to fstat pid namespace fd, ignoring: %m");
return (uint64_t) st.st_ino != PROC_PID_INIT_INO;
}
static Virtualization detect_container_files(void) { static Virtualization detect_container_files(void) {
static const struct { static const struct {
const char *file_path; const char *file_path;
@ -692,6 +674,7 @@ static Virtualization detect_container_files(void) {
Virtualization detect_container(void) { Virtualization detect_container(void) {
static thread_local Virtualization cached_found = _VIRTUALIZATION_INVALID; static thread_local Virtualization cached_found = _VIRTUALIZATION_INVALID;
_cleanup_free_ char *m = NULL, *o = NULL, *p = NULL; _cleanup_free_ char *m = NULL, *o = NULL, *p = NULL;
_cleanup_close_ int pidns_fd = -EBADF;
const char *e = NULL; const char *e = NULL;
Virtualization v; Virtualization v;
int r; int r;
@ -816,9 +799,18 @@ check_files:
/* Finally, the root pid namespace has an hardcoded inode number of 0xEFFFFFFC since kernel 3.8, so /* Finally, the root pid namespace has an hardcoded inode number of 0xEFFFFFFC since kernel 3.8, so
* if all else fails we can check the inode number of our pid namespace and compare it. */ * if all else fails we can check the inode number of our pid namespace and compare it. */
if (running_in_pidns() > 0) { pidns_fd = namespace_open_by_type(NAMESPACE_PID);
v = VIRTUALIZATION_CONTAINER_OTHER; if (pidns_fd < 0)
goto finish; log_debug_errno(pidns_fd, "Failed to open PID namespace, ignoring: %m");
else {
struct stat st;
if (fstat(pidns_fd, &st) < 0)
log_debug_errno(errno, "Failed to fstat pid namespace fd, ignoring: %m");
else if ((uint64_t) st.st_ino != 0xEFFFFFFC) {
v = VIRTUALIZATION_CONTAINER_OTHER;
goto finish;
}
} }
/* If none of that worked, give up, assume no container manager. */ /* If none of that worked, give up, assume no container manager. */

View File

@ -4,7 +4,6 @@ set -e
TEST_DESCRIPTION="Tests for auxiliary utilities" TEST_DESCRIPTION="Tests for auxiliary utilities"
NSPAWN_ARGUMENTS="--private-network" NSPAWN_ARGUMENTS="--private-network"
TEST_NO_NSPAWN=1
# shellcheck source=test/test-functions # shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions" . "${TEST_BASE_DIR:?}/test-functions"