コード例 #1
ファイル: condition.c プロジェクト: devkral/systemd
/* Evaluates a virtualization condition against the environment detected at runtime.
 *
 * c->parameter is matched, in this order, as a boolean ("yes"/"no" style), as a
 * category ("vm" or "container"), and finally as the exact identifier string of
 * the detected technology.
 *
 * Returns a positive value when the condition holds, 0 when it does not, and the
 * negative value from detect_virtualization() when detection itself failed; callers
 * have to keep that error case apart from a plain "false".
 *
 * NOTE(review): the verdict is only as reliable as detect_virtualization(); it
 * describes the environment and should not be treated as an access-control check. */
static int condition_test_virtualization(Condition *c) {
        int detected, as_bool;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_VIRTUALIZATION);

        detected = detect_virtualization();
        if (detected < 0)
                return detected;

        /* Boolean form: a true parameter wants some virtualization, a false one wants none.
         * A parameter that is not a boolean leaves as_bool negative and matches neither arm. */
        as_bool = parse_boolean(c->parameter);
        if ((detected > 0 && as_bool > 0) ||
            (detected == 0 && as_bool == 0))
                return true;

        /* Category form: "vm" or "container" must agree with the detected class. */
        if ((VIRTUALIZATION_IS_VM(detected) && streq(c->parameter, "vm")) ||
            (VIRTUALIZATION_IS_CONTAINER(detected) && streq(c->parameter, "container")))
                return true;

        /* Identifier form: never match by name when nothing was detected. */
        return detected != VIRTUALIZATION_NONE &&
                streq(c->parameter, virtualization_to_string(detected));
}
コード例 #2
/* Evaluates a virtualization condition against the environment detected at runtime.
 *
 * The parameter "private-users" is answered directly by running_in_userns(), before
 * any virtualization detection runs. Every other parameter is interpreted, in this
 * order, as a boolean, as a category ("vm" / "container"), or as the exact identifier
 * string of the detected technology.
 *
 * Returns whatever running_in_userns() returns for "private-users"; otherwise a
 * non-zero value when the condition holds, 0 when it does not, and the negative value
 * from detect_virtualization() when detection failed.
 *
 * NOTE(review): the verdict is only as reliable as the underlying detection helpers;
 * it describes the environment and should not be treated as an access-control check. */
static int condition_test_virtualization(Condition *c) {
        int virt, wanted;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_VIRTUALIZATION);

        if (streq(c->parameter, "private-users"))
                return running_in_userns();

        virt = detect_virtualization();
        if (virt < 0)
                return virt;

        /* Boolean form: once the parameter parses as a boolean the answer is final,
         * so "no" can never fall through to the category or identifier checks. */
        wanted = parse_boolean(c->parameter);
        if (wanted >= 0)
                return wanted == (virt != 0);

        /* Category form: the parameter picks the class, the detection decides. */
        if (streq(c->parameter, "vm"))
                return VIRTUALIZATION_IS_VM(virt);

        if (streq(c->parameter, "container"))
                return VIRTUALIZATION_IS_CONTAINER(virt);

        /* Identifier form: never match by name when nothing was detected. */
        return virt != VIRTUALIZATION_NONE &&
                streq(c->parameter, virtualization_to_string(virt));
}
コード例 #3
/* Smoke test: logs the detected virtualization and the architecture values reported
 * by uname_architecture() and native_architecture().
 *
 * Exits with EXIT_TEST_SKIP when detection is refused with -EPERM or -EACCES, so a
 * run without the needed privileges is skipped instead of failing. Any other
 * negative detection result trips assert_se(). */
int main(int argc, char *argv[]) {
        const char *kind;
        int arch, virt;

        virt = detect_virtualization();
        if (virt == -EACCES || virt == -EPERM)
                return EXIT_TEST_SKIP;

        assert_se(virt >= 0);

        /* Container takes precedence over VM when naming the class. */
        if (VIRTUALIZATION_IS_CONTAINER(virt))
                kind = "container";
        else if (VIRTUALIZATION_IS_VM(virt))
                kind = "vm";
        else
                kind = "n/a";

        log_info("virtualization=%s id=%s", kind, virtualization_to_string(virt));

        arch = uname_architecture();
        assert_se(arch >= 0);
        log_info("uname architecture=%s", architecture_to_string(arch));

        arch = native_architecture();
        assert_se(arch >= 0);
        log_info("native architecture=%s", architecture_to_string(arch));

        log_info("primary library architecture=" LIB_ARCH_TUPLE);

        return 0;
}
コード例 #4
ファイル: test-architecture.c プロジェクト: iamyooon/systemd
/* Test program for the architecture string helpers, with a virtualization report.
 *
 * First checks that architecture_from_string() rejects empty, NULL and unknown
 * input and that ids 0 and 1 survive a to-string/from-string round trip. It then
 * logs the detected virtualization and verifies that the architectures reported by
 * uname_architecture() and native_architecture() round-trip through their names.
 *
 * Exits with EXIT_TEST_SKIP when detection is refused with -EPERM or -EACCES. */
int main(int argc, char *argv[]) {
        const char *kind, *name;
        int arch, virt;

        /* Invalid input must be rejected rather than mapped to some architecture. */
        assert_se(architecture_from_string("") < 0);
        assert_se(architecture_from_string(NULL) < 0);
        assert_se(architecture_from_string("hoge") < 0);
        assert_se(architecture_to_string(-1) == NULL);
        assert_se(architecture_from_string(architecture_to_string(0)) == 0);
        assert_se(architecture_from_string(architecture_to_string(1)) == 1);

        virt = detect_virtualization();
        if (IN_SET(virt, -EPERM, -EACCES))
                return EXIT_TEST_SKIP;

        assert_se(virt >= 0);

        /* Container takes precedence over VM when naming the class. */
        if (VIRTUALIZATION_IS_CONTAINER(virt))
                kind = "container";
        else if (VIRTUALIZATION_IS_VM(virt))
                kind = "vm";
        else
                kind = "n/a";

        log_info("virtualization=%s id=%s", kind, virtualization_to_string(virt));

        arch = uname_architecture();
        assert_se(arch >= 0);

        /* The name is checked for NULL before it reaches the %s conversion. */
        name = architecture_to_string(arch);
        assert_se(name);
        log_info("uname architecture=%s", name);
        assert_se(architecture_from_string(name) == arch);

        arch = native_architecture();
        assert_se(arch >= 0);

        name = architecture_to_string(arch);
        assert_se(name);
        log_info("native architecture=%s", name);
        assert_se(architecture_from_string(name) == arch);

        log_info("primary library architecture=" LIB_ARCH_TUPLE);

        return 0;
}
コード例 #5
ファイル: virt.c プロジェクト: systemd/systemd-netlogd
/* Determines which container manager, if any, the calling process runs under.
 *
 * Sources consulted, in order: the /proc/vz and /proc/bc entries (OpenVZ), then the
 * "container" environment variable of the process itself when it is PID 1, otherwise
 * the file /run/systemd/container, and, only if that file does not exist, the
 * "container" variable in PID 1's environment.
 *
 * Returns one of the VIRTUALIZATION_* ids (VIRTUALIZATION_NONE when no container is
 * found, VIRTUALIZATION_CONTAINER_OTHER for a name that is not in the table). The
 * result is cached per thread. A read failure other than -ENOENT is returned as a
 * negative value and is not cached, so the next call tries again.
 *
 * NOTE(review): the name comes from an environment variable or a file under /run, so
 * the answer is only as trustworthy as whoever set them; treat it as a description of
 * the environment, not as the basis for a security decision. */
int detect_container(void) {

        /* Names a container manager may advertise, paired with the id reported for each. */
        static const struct {
                const char *value;
                int id;
        } known_managers[] = {
                { "lxc",            VIRTUALIZATION_LXC            },
                { "lxc-libvirt",    VIRTUALIZATION_LXC_LIBVIRT    },
                { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
                { "docker",         VIRTUALIZATION_DOCKER         },
                { "rkt",            VIRTUALIZATION_RKT            },
        };

        /* Stays at the invalid marker until a lookup reaches the "finish" label. */
        static thread_local int cached_found = _VIRTUALIZATION_INVALID;
        _cleanup_free_ char *contents = NULL;
        const char *name = NULL;
        unsigned idx;
        int result;

        if (cached_found >= 0)
                return cached_found;

        /* /proc/vz is present both inside and outside an OpenVZ container,
         * /proc/bc only outside of it. */
        if (access("/proc/vz", F_OK) >= 0 &&
            access("/proc/bc", F_OK) < 0) {
                result = VIRTUALIZATION_OPENVZ;
                goto finish;
        }

        if (getpid() != 1) {

                /* PID 1 dropped this information into a file in /run. Reading that is
                 * preferable to /proc/1/environ, because it does not require
                 * CAP_SYS_PTRACE. */
                result = read_one_line_file("/run/systemd/container", &contents);
                if (result == -ENOENT) {

                        /* Fallback for the case where PID 1 was not systemd (for
                         * example when init=/bin/sh is used). */
                        result = getenv_for_pid(1, "container", &contents);
                        if (result <= 0) {

                                /* That did not work either: give up and assume there is
                                 * no container manager.
                                 *
                                 * Note: containers therefore stay undetected when
                                 * init=/bin/sh is passed and privileges were dropped,
                                 * since /proc/1/environ is readable only with
                                 * privileges. */
                                result = VIRTUALIZATION_NONE;
                                goto finish;
                        }
                }

                /* Any other read error is handed to the caller without being cached. */
                if (result < 0)
                        return result;

                name = contents;
        } else {

                /* As PID 1 our own environment carries the variable. */
                name = getenv("container");
                if (isempty(name)) {
                        result = VIRTUALIZATION_NONE;
                        goto finish;
                }
        }

        /* A name that is missing from the table still means "some container". */
        result = VIRTUALIZATION_CONTAINER_OTHER;
        for (idx = 0; idx < ELEMENTSOF(known_managers); idx++) {
                if (!streq(name, known_managers[idx].value))
                        continue;

                result = known_managers[idx].id;
                break;
        }

finish:
        log_debug("Found container virtualization %s", virtualization_to_string(result));
        cached_found = result;
        return result;
}