/* Evaluates a CONDITION_VIRTUALIZATION condition against the result of
 * detect_virtualization().
 *
 * c->parameter is tried, in order, as:
 *   1. a boolean ("is any virtualization present?"),
 *   2. a category name ("vm" or "container"),
 *   3. a specific virtualization id string.
 *
 * Returns true on a match, false (0) otherwise, or the negative value
 * reported by detect_virtualization() if detection itself failed. */
static int condition_test_virtualization(Condition *c) {
        const char *wanted;
        int detected, as_bool;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_VIRTUALIZATION);

        detected = detect_virtualization();
        if (detected < 0)
                return detected; /* propagate the detection failure as-is */

        wanted = c->parameter;

        /* Boolean form: a positive parse matches any detected virtualization,
         * a zero parse matches its absence. A negative parse result (not a
         * boolean) matches neither branch and falls through. */
        as_bool = parse_boolean(wanted);
        if ((detected > 0 && as_bool > 0) || (detected == 0 && as_bool == 0))
                return true;

        /* Category form */
        if (VIRTUALIZATION_IS_VM(detected) && streq(wanted, "vm"))
                return true;

        if (VIRTUALIZATION_IS_CONTAINER(detected) && streq(wanted, "container"))
                return true;

        /* Id form: never matches when nothing was detected */
        if (detected == VIRTUALIZATION_NONE)
                return false;

        return streq(wanted, virtualization_to_string(detected));
}
/* Evaluates a CONDITION_VIRTUALIZATION condition.
 *
 * c->parameter is tried, in order, as:
 *   0. the literal "private-users", answered by running_in_userns() alone,
 *   1. a boolean ("is any virtualization present?"),
 *   2. a category name ("vm" or "container"),
 *   3. a specific virtualization id string.
 *
 * Returns non-zero on a match, 0 otherwise, or the negative value reported
 * by detect_virtualization() if detection failed. */
static int condition_test_virtualization(Condition *c) {
        const char *wanted;
        int detected, as_bool;

        assert(c);
        assert(c->parameter);
        assert(c->type == CONDITION_VIRTUALIZATION);

        wanted = c->parameter;

        /* Handled before any virtualization detection; the helper's return
         * value is passed through unmodified.
         * NOTE(review): presumably running_in_userns() can also return a
         * negative error, which callers would then see — confirm. */
        if (streq(wanted, "private-users"))
                return running_in_userns();

        detected = detect_virtualization();
        if (detected < 0)
                return detected; /* propagate the detection failure as-is */

        /* Boolean form: any parameter that parses as a boolean is decided
         * here, by comparing it with "some virtualization was detected". */
        as_bool = parse_boolean(wanted);
        if (as_bool >= 0)
                return as_bool == (detected != 0);

        /* Category form: a category keyword is answered definitively and
         * does not fall through to the id comparison. */
        if (streq(wanted, "vm"))
                return VIRTUALIZATION_IS_VM(detected);

        if (streq(wanted, "container"))
                return VIRTUALIZATION_IS_CONTAINER(detected);

        /* Id form: never matches when nothing was detected */
        if (detected == VIRTUALIZATION_NONE)
                return false;

        return streq(wanted, virtualization_to_string(detected));
}
/* Test program: logs the detected virtualization and the uname, native and
 * primary-library architectures. Exits with EXIT_TEST_SKIP when
 * virtualization detection is refused with -EPERM or -EACCES. */
int main(int argc, char *argv[]) {
        const char *kind;
        int arch, virt;

        virt = detect_virtualization();
        if (virt == -EACCES || virt == -EPERM)
                return EXIT_TEST_SKIP; /* not enough privileges to detect; skip rather than fail */

        assert_se(virt >= 0);

        if (VIRTUALIZATION_IS_CONTAINER(virt))
                kind = "container";
        else if (VIRTUALIZATION_IS_VM(virt))
                kind = "vm";
        else
                kind = "n/a";

        log_info("virtualization=%s id=%s", kind, virtualization_to_string(virt));

        /* NOTE(review): the architecture_to_string() results below are handed
         * to %s unchecked; confirm it cannot return NULL for an id >= 0. */
        arch = uname_architecture();
        assert_se(arch >= 0);
        log_info("uname architecture=%s", architecture_to_string(arch));

        arch = native_architecture();
        assert_se(arch >= 0);
        log_info("native architecture=%s", architecture_to_string(arch));

        log_info("primary library architecture=" LIB_ARCH_TUPLE);

        return 0;
}
/* Test program for the architecture helpers and virtualization detection.
 *
 * Checks that architecture_from_string() rejects empty, NULL and unknown
 * input, that architecture_to_string() rejects a negative id, and that
 * name <-> id conversion round-trips. Exits with EXIT_TEST_SKIP when
 * virtualization detection is refused with -EPERM or -EACCES. */
int main(int argc, char *argv[]) {
        const char *kind, *name;
        int arch, virt;

        /* Invalid input must be rejected, not mapped to some architecture */
        assert_se(architecture_from_string("") < 0);
        assert_se(architecture_from_string(NULL) < 0);
        assert_se(architecture_from_string("hoge") < 0);
        assert_se(architecture_to_string(-1) == NULL);

        /* The first two ids must survive a to_string/from_string round trip */
        assert_se(architecture_from_string(architecture_to_string(0)) == 0);
        assert_se(architecture_from_string(architecture_to_string(1)) == 1);

        virt = detect_virtualization();
        if (IN_SET(virt, -EPERM, -EACCES))
                return EXIT_TEST_SKIP; /* not enough privileges to detect; skip rather than fail */

        assert_se(virt >= 0);

        if (VIRTUALIZATION_IS_CONTAINER(virt))
                kind = "container";
        else if (VIRTUALIZATION_IS_VM(virt))
                kind = "vm";
        else
                kind = "n/a";

        log_info("virtualization=%s id=%s", kind, virtualization_to_string(virt));

        /* The name is checked for NULL before it reaches the %s format */
        arch = uname_architecture();
        assert_se(arch >= 0);

        name = architecture_to_string(arch);
        assert_se(name);
        log_info("uname architecture=%s", name);
        assert_se(architecture_from_string(name) == arch);

        arch = native_architecture();
        assert_se(arch >= 0);

        name = architecture_to_string(arch);
        assert_se(name);
        log_info("native architecture=%s", name);
        assert_se(architecture_from_string(name) == arch);

        log_info("primary library architecture=" LIB_ARCH_TUPLE);

        return 0;
}
/* Detects whether we are running inside a container and, if so, under which
 * container manager.
 *
 * Returns a VIRTUALIZATION_* id (VIRTUALIZATION_NONE when no container is
 * found, VIRTUALIZATION_CONTAINER_OTHER for a manager name that is not in the
 * table below). A failure of read_one_line_file() other than -ENOENT is
 * returned to the caller unchanged and is not cached; every other outcome is
 * cached in a thread-local variable and reused on later calls.
 *
 * NOTE(review): apart from the OpenVZ /proc probe, the answer is taken from
 * the "container" variable of PID 1 (own environment, /run/systemd/container,
 * or PID 1's environment). That is a declared value, not a measured property,
 * so callers should treat the result as a hint rather than as evidence of
 * isolation. */
int detect_container(void) {

        static const struct {
                const char *value;
                int id;
        } known[] = {
                { "lxc",            VIRTUALIZATION_LXC            },
                { "lxc-libvirt",    VIRTUALIZATION_LXC_LIBVIRT    },
                { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
                { "docker",         VIRTUALIZATION_DOCKER         },
                { "rkt",            VIRTUALIZATION_RKT            },
        };

        static thread_local int cached_found = _VIRTUALIZATION_INVALID;
        _cleanup_free_ char *buf = NULL;
        const char *name = NULL;
        unsigned i;
        int r;

        /* Only non-negative (i.e. successful) results are ever stored */
        if (cached_found >= 0)
                return cached_found;

        /* /proc/vz exists both inside and outside of an OpenVZ container,
         * /proc/bc only outside of it. */
        if (access("/proc/vz", F_OK) >= 0 &&
            access("/proc/bc", F_OK) < 0) {
                r = VIRTUALIZATION_OPENVZ;
                goto finish;
        }

        if (getpid() != 1) {

                /* Not PID 1: PID 1 dropped this information into a file in
                 * /run. This is better than accessing /proc/1/environ, since
                 * we don't need CAP_SYS_PTRACE for that. */
                r = read_one_line_file("/run/systemd/container", &buf);
                if (r == -ENOENT) {

                        /* Fallback for cases where PID 1 was not systemd (for
                         * example, cases where init=/bin/sh is used). */
                        r = getenv_for_pid(1, "container", &buf);
                        if (r <= 0) {

                                /* If that didn't work, give up and assume no
                                 * container manager.
                                 *
                                 * Note: This means we still cannot detect
                                 * containers if init=/bin/sh is passed but
                                 * privileges dropped, as /proc/1/environ is
                                 * only readable with privileges. */
                                r = VIRTUALIZATION_NONE;
                                goto finish;
                        }
                }

                /* Any other read failure is reported, not cached */
                if (r < 0)
                        return r;

                name = buf;
        } else {

                /* As PID 1 we can just check our own environment variable */
                name = getenv("container");
                if (isempty(name)) {
                        r = VIRTUALIZATION_NONE;
                        goto finish;
                }
        }

        /* An unrecognized manager name still counts as "some container" */
        r = VIRTUALIZATION_CONTAINER_OTHER;

        for (i = 0; i < ELEMENTSOF(known); i++)
                if (streq(name, known[i].value)) {
                        r = known[i].id;
                        break;
                }

finish:
        log_debug("Found container virtualization %s", virtualization_to_string(r));
        cached_found = r;
        return r;
}