[thirdparty/systemd.git] / src / basic / virt.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  This file is part of systemd.

  Copyright 2011 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include "alloc-util.h"
#include "dirent-util.h"
#include "env-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "macro.h"
#include "process-util.h"
#include "stat-util.h"
#include "string-table.h"
#include "string-util.h"
#include "virt.h"

static int detect_vm_cpuid(void) {

        /* CPUID is an x86 specific interface. */
#if defined(__i386__) || defined(__x86_64__)

        static const struct {
                const char *cpuid;
                int id;
        } cpuid_vendor_table[] = {
                { "XenVMMXenVMM", VIRTUALIZATION_XEN       },
                { "KVMKVMKVM",    VIRTUALIZATION_KVM       },
                { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU      },
                /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
                { "VMwareVMware", VIRTUALIZATION_VMWARE    },
                /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */
                { "Microsoft Hv", VIRTUALIZATION_MICROSOFT },
                /* https://wiki.freebsd.org/bhyve */
                { "bhyve bhyve ", VIRTUALIZATION_BHYVE     },
        };

        uint32_t eax, ecx;
        bool hypervisor;

        /* http://lwn.net/Articles/301888/ */

#if defined (__i386__)
#define REG_a "eax"
#define REG_b "ebx"
#elif defined (__amd64__)
#define REG_a "rax"
#define REG_b "rbx"
#endif

        /* First detect whether there is a hypervisor */
        eax = 1;
        __asm__ __volatile__ (
                /* ebx/rbx is being used for PIC! */
                "  push %%"REG_b"         \n\t"
                "  cpuid                  \n\t"
                "  pop %%"REG_b"          \n\t"

                : "=a" (eax), "=c" (ecx)
                : "0" (eax)
        );

        hypervisor = !!(ecx & 0x80000000U);

        if (hypervisor) {
                union {
                        uint32_t sig32[3];
                        char text[13];
                } sig = {};
                unsigned j;

                /* There is a hypervisor, see what it is */
                eax = 0x40000000U;
                __asm__ __volatile__ (
                        /* ebx/rbx is being used for PIC! */
                        "  push %%"REG_b"         \n\t"
                        "  cpuid                  \n\t"
                        "  mov %%ebx, %1          \n\t"
                        "  pop %%"REG_b"          \n\t"

                        : "=a" (eax), "=r" (sig.sig32[0]), "=c" (sig.sig32[1]), "=d" (sig.sig32[2])
                        : "0" (eax)
                );

                log_debug("Virtualization found, CPUID=%s", sig.text);

                for (j = 0; j < ELEMENTSOF(cpuid_vendor_table); j ++)
                        if (streq(sig.text, cpuid_vendor_table[j].cpuid))
                                return cpuid_vendor_table[j].id;

                return VIRTUALIZATION_VM_OTHER;
        }
#endif
        log_debug("No virtualization found in CPUID");

        return VIRTUALIZATION_NONE;
}

static int detect_vm_device_tree(void) {
#if defined(__arm__) || defined(__aarch64__) || defined(__powerpc__) || defined(__powerpc64__)
        _cleanup_free_ char *hvtype = NULL;
        int r;

        r = read_one_line_file("/proc/device-tree/hypervisor/compatible", &hvtype);
        if (r == -ENOENT) {
                _cleanup_closedir_ DIR *dir = NULL;
                struct dirent *dent;

                dir = opendir("/proc/device-tree");
                if (!dir) {
                        if (errno == ENOENT) {
                                log_debug_errno(errno, "/proc/device-tree: %m");
                                return VIRTUALIZATION_NONE;
                        }
                        return -errno;
                }

                FOREACH_DIRENT(dent, dir, return -errno)
                        if (strstr(dent->d_name, "fw-cfg")) {
                                log_debug("Virtualization QEMU: \"fw-cfg\" present in /proc/device-tree/%s", dent->d_name);
                                return VIRTUALIZATION_QEMU;
                        }

                log_debug("No virtualization found in /proc/device-tree/*");
                return VIRTUALIZATION_NONE;
        } else if (r < 0)
                return r;

        log_debug("Virtualization %s found in /proc/device-tree/hypervisor/compatible", hvtype);
        if (streq(hvtype, "linux,kvm"))
                return VIRTUALIZATION_KVM;
        else if (strstr(hvtype, "xen"))
                return VIRTUALIZATION_XEN;
        else
                return VIRTUALIZATION_VM_OTHER;
#else
        log_debug("This platform does not support /proc/device-tree");
        return VIRTUALIZATION_NONE;
#endif
}

static int detect_vm_dmi(void) {
#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)

        static const char *const dmi_vendors[] = {
                "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
                "/sys/class/dmi/id/sys_vendor",
                "/sys/class/dmi/id/board_vendor",
                "/sys/class/dmi/id/bios_vendor"
        };

        static const struct {
                const char *vendor;
                int id;
        } dmi_vendor_table[] = {
                { "KVM",           VIRTUALIZATION_KVM       },
                { "QEMU",          VIRTUALIZATION_QEMU      },
                /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
                { "VMware",        VIRTUALIZATION_VMWARE    },
                { "VMW",           VIRTUALIZATION_VMWARE    },
                { "innotek GmbH",  VIRTUALIZATION_ORACLE    },
                { "Xen",           VIRTUALIZATION_XEN       },
                { "Bochs",         VIRTUALIZATION_BOCHS     },
                { "Parallels",     VIRTUALIZATION_PARALLELS },
                /* https://wiki.freebsd.org/bhyve */
                { "BHYVE",         VIRTUALIZATION_BHYVE     },
        };
        unsigned i;
        int r;

        for (i = 0; i < ELEMENTSOF(dmi_vendors); i++) {
                _cleanup_free_ char *s = NULL;
                unsigned j;

                r = read_one_line_file(dmi_vendors[i], &s);
                if (r < 0) {
                        if (r == -ENOENT)
                                continue;

                        return r;
                }


                for (j = 0; j < ELEMENTSOF(dmi_vendor_table); j++)
                        if (startswith(s, dmi_vendor_table[j].vendor)) {
                                log_debug("Virtualization %s found in DMI (%s)", s, dmi_vendors[i]);
                                return dmi_vendor_table[j].id;
                        }
        }
#endif

        log_debug("No virtualization found in DMI");

        return VIRTUALIZATION_NONE;
}

static int detect_vm_xen(void) {

        /* Check for Dom0 will be executed later in detect_vm_xen_dom0
           The presence of /proc/xen indicates some form of a Xen domain */
        if (access("/proc/xen", F_OK) < 0) {
                log_debug("Virtualization XEN not found, /proc/xen does not exist");
                return VIRTUALIZATION_NONE;
        }

        log_debug("Virtualization XEN found (/proc/xen exists)");
        return VIRTUALIZATION_XEN;
}

static bool detect_vm_xen_dom0(void) {
        _cleanup_free_ char *domcap = NULL;
        char *cap, *i;
        int r;

        r = read_one_line_file("/proc/xen/capabilities", &domcap);
        if (r == -ENOENT) {
                log_debug("Virtualization XEN not found, /proc/xen/capabilities does not exist");
                return false;
        }
        if (r < 0)
                return r;

        i = domcap;
        while ((cap = strsep(&i, ",")))
                if (streq(cap, "control_d"))
                        break;
        if (!cap) {
                log_debug("Virtualization XEN DomU found (/proc/xen/capabilites)");
                return false;
        }

        log_debug("Virtualization XEN Dom0 ignored (/proc/xen/capabilities)");
        return true;
}

static int detect_vm_hypervisor(void) {
        _cleanup_free_ char *hvtype = NULL;
        int r;

        r = read_one_line_file("/sys/hypervisor/type", &hvtype);
        if (r == -ENOENT)
                return VIRTUALIZATION_NONE;
        if (r < 0)
                return r;

        log_debug("Virtualization %s found in /sys/hypervisor/type", hvtype);

        if (streq(hvtype, "xen"))
                return VIRTUALIZATION_XEN;
        else
                return VIRTUALIZATION_VM_OTHER;
}

static int detect_vm_uml(void) {
        _cleanup_free_ char *cpuinfo_contents = NULL;
        int r;

        /* Detect User-Mode Linux by reading /proc/cpuinfo */
        r = read_full_file("/proc/cpuinfo", &cpuinfo_contents, NULL);
        if (r < 0)
                return r;

        if (strstr(cpuinfo_contents, "\nvendor_id\t: User Mode Linux\n")) {
                log_debug("UML virtualization found in /proc/cpuinfo");
                return VIRTUALIZATION_UML;
        }

        log_debug("No virtualization found in /proc/cpuinfo.");
        return VIRTUALIZATION_NONE;
}

static int detect_vm_zvm(void) {

#if defined(__s390__)
        _cleanup_free_ char *t = NULL;
        int r;

        r = get_proc_field("/proc/sysinfo", "VM00 Control Program", WHITESPACE, &t);
        if (r == -ENOENT)
                return VIRTUALIZATION_NONE;
        if (r < 0)
                return r;

        log_debug("Virtualization %s found in /proc/sysinfo", t);
        if (streq(t, "z/VM"))
                return VIRTUALIZATION_ZVM;
        else
                return VIRTUALIZATION_KVM;
#else
        log_debug("This platform does not support /proc/sysinfo");
        return VIRTUALIZATION_NONE;
#endif
}

/* Returns a short identifier for the various VM implementations */
int detect_vm(void) {
        static thread_local int cached_found = _VIRTUALIZATION_INVALID;
        int r, dmi;
        bool other = false;

        if (cached_found >= 0)
                return cached_found;

        /* We have to use the correct order here:
         *
         * -> First try to detect Oracle Virtualbox, even if it uses KVM.
         * -> Second try to detect from cpuid, this will report KVM for
         *    whatever software is used even if info in dmi is overwritten.
         * -> Third try to detect from dmi. */

        dmi = detect_vm_dmi();
        if (dmi == VIRTUALIZATION_ORACLE) {
                r = dmi;
                goto finish;
        }

        r = detect_vm_cpuid();
        if (r < 0)
                return r;
        if (r != VIRTUALIZATION_NONE) {
                if (r == VIRTUALIZATION_VM_OTHER)
                        other = true;
                else
                        goto finish;
        }

        r = dmi;
        if (r < 0)
                return r;
        if (r != VIRTUALIZATION_NONE) {
                if (r == VIRTUALIZATION_VM_OTHER)
                        other = true;
                else
                        goto finish;
        }

        /* x86 xen will most likely be detected by cpuid. If not (most likely
         * because we're not an x86 guest), then we should try the /proc/xen
         * directory next. If that's not found, then we check for the high-level
         * hypervisor sysfs file.
	 */

        r = detect_vm_xen();
        if (r < 0)
                return r;
        if (r != VIRTUALIZATION_NONE) {
                if (r == VIRTUALIZATION_VM_OTHER)
                        other = true;
                else
                        goto finish;
        }

        r = detect_vm_hypervisor();
        if (r < 0)
                return r;
        if (r != VIRTUALIZATION_NONE) {
                if (r == VIRTUALIZATION_VM_OTHER)
                        other = true;
                else
                        goto finish;
        }

        r = detect_vm_device_tree();
        if (r < 0)
                return r;
        if (r != VIRTUALIZATION_NONE) {
                if (r == VIRTUALIZATION_VM_OTHER)
                        other = true;
                else
                        goto finish;
        }

        r = detect_vm_uml();
        if (r < 0)
                return r;
        if (r != VIRTUALIZATION_NONE) {
                if (r == VIRTUALIZATION_VM_OTHER)
                        other = true;
                else
                        goto finish;
        }

        r = detect_vm_zvm();
        if (r < 0)
                return r;

finish:
        /* x86 xen Dom0 is detected as XEN in hypervisor and maybe others.
         * In order to detect the Dom0 as not virtualization we need to
         * double-check it */
        if (r == VIRTUALIZATION_XEN && detect_vm_xen_dom0())
                r = VIRTUALIZATION_NONE;
        else if (r == VIRTUALIZATION_NONE && other)
                r = VIRTUALIZATION_VM_OTHER;

        cached_found = r;
        log_debug("Found VM virtualization %s", virtualization_to_string(r));
        return r;
}

int detect_container(void) {

        static const struct {
                const char *value;
                int id;
        } value_table[] = {
                { "lxc",            VIRTUALIZATION_LXC            },
                { "lxc-libvirt",    VIRTUALIZATION_LXC_LIBVIRT    },
                { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
                { "docker",         VIRTUALIZATION_DOCKER         },
                { "rkt",            VIRTUALIZATION_RKT            },
        };

        static thread_local int cached_found = _VIRTUALIZATION_INVALID;
        _cleanup_free_ char *m = NULL;
        const char *e = NULL;
        unsigned j;
        int r;

        if (cached_found >= 0)
                return cached_found;

        /* /proc/vz exists in container and outside of the container, /proc/bc only outside of the container. */
        if (access("/proc/vz", F_OK) >= 0 &&
            access("/proc/bc", F_OK) < 0) {
                r = VIRTUALIZATION_OPENVZ;
                goto finish;
        }

        if (getpid_cached() == 1) {
                /* If we are PID 1 we can just check our own environment variable, and that's authoritative. */

                e = getenv("container");
                if (isempty(e)) {
                        r = VIRTUALIZATION_NONE;
                        goto finish;
                }

                goto translate_name;
        }

        /* Otherwise, PID 1 might have dropped this information into a file in /run. This is better than accessing
         * /proc/1/environ, since we don't need CAP_SYS_PTRACE for that. */
        r = read_one_line_file("/run/systemd/container", &m);
        if (r >= 0) {
                e = m;
                goto translate_name;
        }
        if (r != -ENOENT)
                return log_debug_errno(r, "Failed to read /run/systemd/container: %m");

        /* Fallback for cases where PID 1 was not systemd (for example, cases where init=/bin/sh is used. */
        r = getenv_for_pid(1, "container", &m);
        if (r > 0) {
                e = m;
                goto translate_name;
        }
        if (r < 0) /* This only works if we have CAP_SYS_PTRACE, hence let's better ignore failures here */
                log_debug_errno(r, "Failed to read $container of PID 1, ignoring: %m");

        /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. Hence, if the PID shown
         * there is not 1, we know we are in a PID namespace. and hence a container. */
        r = read_one_line_file("/proc/1/sched", &m);
        if (r >= 0) {
                const char *t;

                t = strrchr(m, '(');
                if (!t)
                        return -EIO;

                if (!startswith(t, "(1,")) {
                        r = VIRTUALIZATION_CONTAINER_OTHER;
                        goto finish;
                }
        } else if (r != -ENOENT)
                return r;

        /* If that didn't work, give up, assume no container manager. */
        r = VIRTUALIZATION_NONE;
        goto finish;

translate_name:
        for (j = 0; j < ELEMENTSOF(value_table); j++)
                if (streq(e, value_table[j].value)) {
                        r = value_table[j].id;
                        goto finish;
                }

        r = VIRTUALIZATION_CONTAINER_OTHER;

finish:
        log_debug("Found container virtualization %s.", virtualization_to_string(r));
        cached_found = r;
        return r;
}

int detect_virtualization(void) {
        int r;

        r = detect_container();
        if (r == 0)
                r = detect_vm();

        return r;
}

static int userns_has_mapping(const char *name) {
        _cleanup_fclose_ FILE *f = NULL;
        _cleanup_free_ char *buf = NULL;
        size_t n_allocated = 0;
        ssize_t n;
        uint32_t a, b, c;
        int r;

        f = fopen(name, "re");
        if (!f) {
                log_debug_errno(errno, "Failed to open %s: %m", name);
                return errno == ENOENT ? false : -errno;
        }

        n = getline(&buf, &n_allocated, f);
        if (n < 0) {
                if (feof(f)) {
                        log_debug("%s is empty, we're in an uninitialized user namespace", name);
                        return true;
                }

                return log_debug_errno(errno, "Failed to read %s: %m", name);
        }

        r = sscanf(buf, "%"PRIu32" %"PRIu32" %"PRIu32, &a, &b, &c);
        if (r < 3)
                return log_debug_errno(errno, "Failed to parse %s: %m", name);

        if (a == 0 && b == 0 && c == UINT32_MAX) {
                /* The kernel calls mappings_overlap() and does not allow overlaps */
                log_debug("%s has a full 1:1 mapping", name);
                return false;
        }

        /* Anything else implies that we are in a user namespace */
        log_debug("Mapping found in %s, we're in a user namespace", name);
        return true;
}

int running_in_userns(void) {
        _cleanup_free_ char *line = NULL;
        int r;

        r = userns_has_mapping("/proc/self/uid_map");
        if (r != 0)
                return r;

        r = userns_has_mapping("/proc/self/gid_map");
        if (r != 0)
                return r;

        /* "setgroups" file was added in kernel v3.18-rc6-15-g9cc46516dd. It is also
         * possible to compile a kernel without CONFIG_USER_NS, in which case "setgroups"
         * also does not exist. We cannot distinguish those two cases, so assume that
         * we're running on a stripped-down recent kernel, rather than on an old one,
         * and if the file is not found, return false.
         */
        r = read_one_line_file("/proc/self/setgroups", &line);
        if (r < 0) {
                log_debug_errno(r, "/proc/self/setgroups: %m");
                return r == -ENOENT ? false : r;
        }

        truncate_nl(line);
        r = streq(line, "deny");
        /* See user_namespaces(7) for a description of this "setgroups" contents. */
        log_debug("/proc/self/setgroups contains \"%s\", %s user namespace", line, r ? "in" : "not in");
        return r;
}

int running_in_chroot(void) {
        int ret;

        if (getenv_bool("SYSTEMD_IGNORE_CHROOT") > 0)
                return 0;

        ret = files_same("/proc/1/root", "/", 0);
        if (ret < 0)
                return ret;

        return ret == 0;
}

static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
        [VIRTUALIZATION_NONE] = "none",
        [VIRTUALIZATION_KVM] = "kvm",
        [VIRTUALIZATION_QEMU] = "qemu",
        [VIRTUALIZATION_BOCHS] = "bochs",
        [VIRTUALIZATION_XEN] = "xen",
        [VIRTUALIZATION_UML] = "uml",
        [VIRTUALIZATION_VMWARE] = "vmware",
        [VIRTUALIZATION_ORACLE] = "oracle",
        [VIRTUALIZATION_MICROSOFT] = "microsoft",
        [VIRTUALIZATION_ZVM] = "zvm",
        [VIRTUALIZATION_PARALLELS] = "parallels",
        [VIRTUALIZATION_BHYVE] = "bhyve",
        [VIRTUALIZATION_VM_OTHER] = "vm-other",

        [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",
        [VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt",
        [VIRTUALIZATION_LXC] = "lxc",
        [VIRTUALIZATION_OPENVZ] = "openvz",
        [VIRTUALIZATION_DOCKER] = "docker",
        [VIRTUALIZATION_RKT] = "rkt",
        [VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
};

DEFINE_STRING_TABLE_LOOKUP(virtualization, int);
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
b52aae1d LP	2	/***
	3	This file is part of systemd.
	4
	5	Copyright 2011 Lennart Poettering
	6
	7	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	8	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	9	the Free Software Foundation; either version 2.1 of the License, or
b52aae1d LP	10	(at your option) any later version.
	11
	12	systemd is distributed in the hope that it will be useful, but
	13	WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	15	Lesser General Public License for more details.
b52aae1d	16
5430f7f2	17	You should have received a copy of the GNU Lesser General Public License
b52aae1d LP	18	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	19	***/
	20
b52aae1d	21	#include <errno.h>
11c3a366 TA	22	#include <stdint.h>
11c3a366 TA	23	#include <stdlib.h>
07630cea	24	#include <string.h>
b52aae1d LP	25	#include <unistd.h>
b52aae1d LP	26
b5efdb8a	27	#include "alloc-util.h"
ade61d3b	28	#include "dirent-util.h"
295ee984	29	#include "env-util.h"
ade61d3b	30	#include "fd-util.h"
07630cea	31	#include "fileio.h"
11c3a366	32	#include "macro.h"
93cc7779	33	#include "process-util.h"
b5efdb8a	34	#include "stat-util.h"
8b43440b	35	#include "string-table.h"
07630cea	36	#include "string-util.h"
b52aae1d LP	37	#include "virt.h"
b52aae1d LP	38
75f86906	39	static int detect_vm_cpuid(void) {
b52aae1d	40
2ef8a4c4	41	/* CPUID is an x86 specific interface. */
bdb628ee	42	#if defined(__i386__) \|\| defined(__x86_64__)
b52aae1d	43
75f86906 LP	44	static const struct {
	45	const char *cpuid;
	46	int id;
	47	} cpuid_vendor_table[] = {
	48	{ "XenVMMXenVMM", VIRTUALIZATION_XEN },
	49	{ "KVMKVMKVM", VIRTUALIZATION_KVM },
5588612e	50	{ "TCGTCGTCGTCG", VIRTUALIZATION_QEMU },
b52aae1d	51	/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
75f86906	52	{ "VMwareVMware", VIRTUALIZATION_VMWARE },
ff85f271	53	/* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */
75f86906	54	{ "Microsoft Hv", VIRTUALIZATION_MICROSOFT },
aa0c3427 LBS	55	/* https://wiki.freebsd.org/bhyve */
aa0c3427 LBS	56	{ "bhyve bhyve ", VIRTUALIZATION_BHYVE },
75f86906	57	};
b52aae1d LP	58
b52aae1d LP	59	uint32_t eax, ecx;
b52aae1d LP	60	bool hypervisor;
	61
	62	/* http://lwn.net/Articles/301888/ */
b52aae1d LP	63
	64	#if defined (__i386__)
	65	#define REG_a "eax"
	66	#define REG_b "ebx"
	67	#elif defined (__amd64__)
	68	#define REG_a "rax"
	69	#define REG_b "rbx"
	70	#endif
	71
	72	/* First detect whether there is a hypervisor */
	73	eax = 1;
	74	__asm__ __volatile__ (
	75	/* ebx/rbx is being used for PIC! */
	76	" push %%"REG_b" \n\t"
	77	" cpuid \n\t"
	78	" pop %%"REG_b" \n\t"
	79
	80	: "=a" (eax), "=c" (ecx)
	81	: "0" (eax)
	82	);
	83
	84	hypervisor = !!(ecx & 0x80000000U);
	85
	86	if (hypervisor) {
75f86906 LP	87	union {
	88	uint32_t sig32[3];
	89	char text[13];
	90	} sig = {};
	91	unsigned j;
b52aae1d LP	92
	93	/* There is a hypervisor, see what it is */
	94	eax = 0x40000000U;
	95	__asm__ __volatile__ (
	96	/* ebx/rbx is being used for PIC! */
	97	" push %%"REG_b" \n\t"
	98	" cpuid \n\t"
	99	" mov %%ebx, %1 \n\t"
	100	" pop %%"REG_b" \n\t"
	101
	102	: "=a" (eax), "=r" (sig.sig32[0]), "=c" (sig.sig32[1]), "=d" (sig.sig32[2])
	103	: "0" (eax)
	104	);
	105
9f63a08d SS	106	log_debug("Virtualization found, CPUID=%s", sig.text);
9f63a08d SS	107
75f86906 LP	108	for (j = 0; j < ELEMENTSOF(cpuid_vendor_table); j ++)
	109	if (streq(sig.text, cpuid_vendor_table[j].cpuid))
	110	return cpuid_vendor_table[j].id;
bdb628ee	111
75f86906	112	return VIRTUALIZATION_VM_OTHER;
b52aae1d	113	}
bdb628ee	114	#endif
9f63a08d	115	log_debug("No virtualization found in CPUID");
bdb628ee	116
75f86906	117	return VIRTUALIZATION_NONE;
bdb628ee ZJS	118	}
bdb628ee ZJS	119
75f86906	120	static int detect_vm_device_tree(void) {
db6a8689	121	#if defined(__arm__) \|\| defined(__aarch64__) \|\| defined(__powerpc__) \|\| defined(__powerpc64__)
d831deb5 CA	122	_cleanup_free_ char *hvtype = NULL;
	123	int r;
	124
b8f1df82	125	r = read_one_line_file("/proc/device-tree/hypervisor/compatible", &hvtype);
75f86906	126	if (r == -ENOENT) {
ce09c71d AJ	127	_cleanup_closedir_ DIR *dir = NULL;
	128	struct dirent *dent;
	129
	130	dir = opendir("/proc/device-tree");
	131	if (!dir) {
9f63a08d SS	132	if (errno == ENOENT) {
9f63a08d SS	133	log_debug_errno(errno, "/proc/device-tree: %m");
75f86906	134	return VIRTUALIZATION_NONE;
9f63a08d	135	}
ce09c71d AJ	136	return -errno;
	137	}
	138
75f86906	139	FOREACH_DIRENT(dent, dir, return -errno)
9f63a08d SS	140	if (strstr(dent->d_name, "fw-cfg")) {
9f63a08d SS	141	log_debug("Virtualization QEMU: \"fw-cfg\" present in /proc/device-tree/%s", dent->d_name);
75f86906	142	return VIRTUALIZATION_QEMU;
9f63a08d	143	}
75f86906	144
9f63a08d	145	log_debug("No virtualization found in /proc/device-tree/*");
75f86906 LP	146	return VIRTUALIZATION_NONE;
	147	} else if (r < 0)
	148	return r;
	149
9f63a08d	150	log_debug("Virtualization %s found in /proc/device-tree/hypervisor/compatible", hvtype);
75f86906 LP	151	if (streq(hvtype, "linux,kvm"))
	152	return VIRTUALIZATION_KVM;
	153	else if (strstr(hvtype, "xen"))
	154	return VIRTUALIZATION_XEN;
	155	else
	156	return VIRTUALIZATION_VM_OTHER;
	157	#else
9f63a08d	158	log_debug("This platform does not support /proc/device-tree");
75f86906	159	return VIRTUALIZATION_NONE;
d831deb5	160	#endif
d831deb5 CA	161	}
d831deb5 CA	162
75f86906	163	static int detect_vm_dmi(void) {
2ef8a4c4	164	#if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__arm__) \|\| defined(__aarch64__)
bdb628ee ZJS	165
bdb628ee ZJS	166	static const char *const dmi_vendors[] = {
3728dcde	167	"/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
bdb628ee ZJS	168	"/sys/class/dmi/id/sys_vendor",
	169	"/sys/class/dmi/id/board_vendor",
	170	"/sys/class/dmi/id/bios_vendor"
	171	};
	172
75f86906 LP	173	static const struct {
	174	const char *vendor;
	175	int id;
	176	} dmi_vendor_table[] = {
3728dcde	177	{ "KVM", VIRTUALIZATION_KVM },
75f86906	178	{ "QEMU", VIRTUALIZATION_QEMU },
bdb628ee	179	/* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
75f86906 LP	180	{ "VMware", VIRTUALIZATION_VMWARE },
	181	{ "VMW", VIRTUALIZATION_VMWARE },
	182	{ "innotek GmbH", VIRTUALIZATION_ORACLE },
	183	{ "Xen", VIRTUALIZATION_XEN },
	184	{ "Bochs", VIRTUALIZATION_BOCHS },
	185	{ "Parallels", VIRTUALIZATION_PARALLELS },
aa0c3427 LBS	186	/* https://wiki.freebsd.org/bhyve */
aa0c3427 LBS	187	{ "BHYVE", VIRTUALIZATION_BHYVE },
75f86906	188	};
bdb628ee	189	unsigned i;
75f86906	190	int r;
b52aae1d LP	191
b52aae1d LP	192	for (i = 0; i < ELEMENTSOF(dmi_vendors); i++) {
b1b8e816	193	_cleanup_free_ char *s = NULL;
75f86906	194	unsigned j;
b52aae1d	195
b1b8e816 LP	196	r = read_one_line_file(dmi_vendors[i], &s);
b1b8e816 LP	197	if (r < 0) {
75f86906 LP	198	if (r == -ENOENT)
75f86906 LP	199	continue;
b52aae1d	200
75f86906	201	return r;
b52aae1d LP	202	}
b52aae1d LP	203
9f63a08d SS	204
9f63a08d SS	205
75f86906	206	for (j = 0; j < ELEMENTSOF(dmi_vendor_table); j++)
9f63a08d SS	207	if (startswith(s, dmi_vendor_table[j].vendor)) {
9f63a08d SS	208	log_debug("Virtualization %s found in DMI (%s)", s, dmi_vendors[i]);
75f86906	209	return dmi_vendor_table[j].id;
9f63a08d	210	}
b52aae1d	211	}
bdb628ee ZJS	212	#endif
bdb628ee ZJS	213
9f63a08d SS	214	log_debug("No virtualization found in DMI");
9f63a08d SS	215
75f86906	216	return VIRTUALIZATION_NONE;
bdb628ee ZJS	217	}
bdb628ee ZJS	218
75f86906	219	static int detect_vm_xen(void) {
45e1c7d5	220
3f61278b	221	/* Check for Dom0 will be executed later in detect_vm_xen_dom0
87dc723a OH	222	The presence of /proc/xen indicates some form of a Xen domain */
	223	if (access("/proc/xen", F_OK) < 0) {
	224	log_debug("Virtualization XEN not found, /proc/xen does not exist");
3f61278b SS	225	return VIRTUALIZATION_NONE;
	226	}
	227
87dc723a	228	log_debug("Virtualization XEN found (/proc/xen exists)");
45e1c7d5	229	return VIRTUALIZATION_XEN;
3f61278b SS	230	}
	231
	232	static bool detect_vm_xen_dom0(void) {
75f86906 LP	233	_cleanup_free_ char *domcap = NULL;
75f86906 LP	234	char cap, i;
bdb628ee	235	int r;
b52aae1d	236
75f86906	237	r = read_one_line_file("/proc/xen/capabilities", &domcap);
9f63a08d SS	238	if (r == -ENOENT) {
9f63a08d SS	239	log_debug("Virtualization XEN not found, /proc/xen/capabilities does not exist");
3f61278b	240	return false;
9f63a08d	241	}
d5b687e7 LP	242	if (r < 0)
d5b687e7 LP	243	return r;
bdb628ee	244
75f86906 LP	245	i = domcap;
	246	while ((cap = strsep(&i, ",")))
	247	if (streq(cap, "control_d"))
	248	break;
9f63a08d SS	249	if (!cap) {
9f63a08d SS	250	log_debug("Virtualization XEN DomU found (/proc/xen/capabilites)");
3f61278b	251	return false;
9f63a08d SS	252	}
	253
	254	log_debug("Virtualization XEN Dom0 ignored (/proc/xen/capabilities)");
3f61278b	255	return true;
75f86906	256	}
37287585	257
75f86906 LP	258	static int detect_vm_hypervisor(void) {
	259	_cleanup_free_ char *hvtype = NULL;
	260	int r;
37287585	261
75f86906 LP	262	r = read_one_line_file("/sys/hypervisor/type", &hvtype);
	263	if (r == -ENOENT)
	264	return VIRTUALIZATION_NONE;
	265	if (r < 0)
	266	return r;
37287585	267
9f63a08d SS	268	log_debug("Virtualization %s found in /sys/hypervisor/type", hvtype);
9f63a08d SS	269
75f86906 LP	270	if (streq(hvtype, "xen"))
	271	return VIRTUALIZATION_XEN;
	272	else
	273	return VIRTUALIZATION_VM_OTHER;
	274	}
37287585	275
75f86906 LP	276	static int detect_vm_uml(void) {
	277	_cleanup_free_ char *cpuinfo_contents = NULL;
	278	int r;
37287585	279
75f86906 LP	280	/* Detect User-Mode Linux by reading /proc/cpuinfo */
	281	r = read_full_file("/proc/cpuinfo", &cpuinfo_contents, NULL);
	282	if (r < 0)
bdb628ee	283	return r;
9f63a08d SS	284
	285	if (strstr(cpuinfo_contents, "\nvendor_id\t: User Mode Linux\n")) {
	286	log_debug("UML virtualization found in /proc/cpuinfo");
75f86906	287	return VIRTUALIZATION_UML;
9f63a08d	288	}
bdb628ee	289
82f8bae2	290	log_debug("No virtualization found in /proc/cpuinfo.");
75f86906 LP	291	return VIRTUALIZATION_NONE;
75f86906 LP	292	}
e32886e0	293
75f86906	294	static int detect_vm_zvm(void) {
bdb628ee	295
75f86906 LP	296	#if defined(__s390__)
	297	_cleanup_free_ char *t = NULL;
	298	int r;
e32886e0	299
c4cd1d4d	300	r = get_proc_field("/proc/sysinfo", "VM00 Control Program", WHITESPACE, &t);
75f86906 LP	301	if (r == -ENOENT)
	302	return VIRTUALIZATION_NONE;
	303	if (r < 0)
	304	return r;
e32886e0	305
9f63a08d	306	log_debug("Virtualization %s found in /proc/sysinfo", t);
75f86906 LP	307	if (streq(t, "z/VM"))
	308	return VIRTUALIZATION_ZVM;
	309	else
	310	return VIRTUALIZATION_KVM;
	311	#else
9f63a08d	312	log_debug("This platform does not support /proc/sysinfo");
75f86906 LP	313	return VIRTUALIZATION_NONE;
	314	#endif
	315	}
e32886e0	316
75f86906 LP	317	/* Returns a short identifier for the various VM implementations */
	318	int detect_vm(void) {
	319	static thread_local int cached_found = _VIRTUALIZATION_INVALID;
28b1a3ea	320	int r, dmi;
530c1c30	321	bool other = false;
e32886e0	322
75f86906 LP	323	if (cached_found >= 0)
75f86906 LP	324	return cached_found;
bdb628ee	325
f6875b0a	326	/* We have to use the correct order here:
f6875b0a	327	*
28b1a3ea CH	328	* -> First try to detect Oracle Virtualbox, even if it uses KVM.
	329	* -> Second try to detect from cpuid, this will report KVM for
	330	* whatever software is used even if info in dmi is overwritten.
	331	* -> Third try to detect from dmi. */
5f1c788c	332
28b1a3ea	333	dmi = detect_vm_dmi();
2f8e375d BR	334	if (dmi == VIRTUALIZATION_ORACLE) {
	335	r = dmi;
	336	goto finish;
	337	}
5f1c788c	338
28b1a3ea	339	r = detect_vm_cpuid();
75f86906 LP	340	if (r < 0)
75f86906 LP	341	return r;
530c1c30 RC	342	if (r != VIRTUALIZATION_NONE) {
	343	if (r == VIRTUALIZATION_VM_OTHER)
	344	other = true;
	345	else
	346	goto finish;
	347	}
d831deb5	348
28b1a3ea	349	r = dmi;
75f86906 LP	350	if (r < 0)
75f86906 LP	351	return r;
530c1c30 RC	352	if (r != VIRTUALIZATION_NONE) {
	353	if (r == VIRTUALIZATION_VM_OTHER)
	354	other = true;
	355	else
	356	goto finish;
	357	}
b52aae1d	358
42685451	359	/* x86 xen will most likely be detected by cpuid. If not (most likely
87dc723a OH	360	* because we're not an x86 guest), then we should try the /proc/xen
	361	* directory next. If that's not found, then we check for the high-level
	362	* hypervisor sysfs file.
	363	*/
42685451 AJ	364
42685451 AJ	365	r = detect_vm_xen();
7080ea16 RR	366	if (r < 0)
7080ea16 RR	367	return r;
530c1c30 RC	368	if (r != VIRTUALIZATION_NONE) {
	369	if (r == VIRTUALIZATION_VM_OTHER)
	370	other = true;
	371	else
	372	goto finish;
	373	}
7080ea16	374
75f86906 LP	375	r = detect_vm_hypervisor();
	376	if (r < 0)
	377	return r;
530c1c30 RC	378	if (r != VIRTUALIZATION_NONE) {
	379	if (r == VIRTUALIZATION_VM_OTHER)
	380	other = true;
	381	else
	382	goto finish;
	383	}
f41925b4	384
75f86906 LP	385	r = detect_vm_device_tree();
	386	if (r < 0)
	387	return r;
530c1c30 RC	388	if (r != VIRTUALIZATION_NONE) {
	389	if (r == VIRTUALIZATION_VM_OTHER)
	390	other = true;
	391	else
	392	goto finish;
	393	}
f41925b4	394
75f86906 LP	395	r = detect_vm_uml();
	396	if (r < 0)
	397	return r;
530c1c30 RC	398	if (r != VIRTUALIZATION_NONE) {
	399	if (r == VIRTUALIZATION_VM_OTHER)
	400	other = true;
	401	else
	402	goto finish;
	403	}
f41925b4	404
75f86906 LP	405	r = detect_vm_zvm();
	406	if (r < 0)
	407	return r;
0fb533a5 LP	408
0fb533a5 LP	409	finish:
3f61278b SS	410	/* x86 xen Dom0 is detected as XEN in hypervisor and maybe others.
	411	* In order to detect the Dom0 as not virtualization we need to
	412	* double-check it */
	413	if (r == VIRTUALIZATION_XEN && detect_vm_xen_dom0())
	414	r = VIRTUALIZATION_NONE;
530c1c30 RC	415	else if (r == VIRTUALIZATION_NONE && other)
530c1c30 RC	416	r = VIRTUALIZATION_VM_OTHER;
3f61278b	417
0fb533a5	418	cached_found = r;
9f63a08d	419	log_debug("Found VM virtualization %s", virtualization_to_string(r));
0fb533a5	420	return r;
b52aae1d LP	421	}
b52aae1d LP	422
75f86906	423	int detect_container(void) {
0fb533a5	424
75f86906 LP	425	static const struct {
	426	const char *value;
	427	int id;
	428	} value_table[] = {
	429	{ "lxc", VIRTUALIZATION_LXC },
	430	{ "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT },
	431	{ "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
	432	{ "docker", VIRTUALIZATION_DOCKER },
9fb16425	433	{ "rkt", VIRTUALIZATION_RKT },
75f86906	434	};
0fb533a5	435
75f86906	436	static thread_local int cached_found = _VIRTUALIZATION_INVALID;
fdd25311	437	_cleanup_free_ char *m = NULL;
75f86906 LP	438	const char *e = NULL;
75f86906 LP	439	unsigned j;
ab94af92	440	int r;
b52aae1d	441
75f86906	442	if (cached_found >= 0)
0fb533a5	443	return cached_found;
0fb533a5	444
8d6e8034	445	/* /proc/vz exists in container and outside of the container, /proc/bc only outside of the container. */
b52aae1d LP	446	if (access("/proc/vz", F_OK) >= 0 &&
b52aae1d LP	447	access("/proc/bc", F_OK) < 0) {
75f86906	448	r = VIRTUALIZATION_OPENVZ;
0fb533a5	449	goto finish;
b52aae1d LP	450	}
b52aae1d LP	451
df0ff127	452	if (getpid_cached() == 1) {
8d6e8034	453	/* If we are PID 1 we can just check our own environment variable, and that's authoritative. */
fdd25311 LP	454
	455	e = getenv("container");
	456	if (isempty(e)) {
75f86906	457	r = VIRTUALIZATION_NONE;
fdd25311 LP	458	goto finish;
fdd25311 LP	459	}
fdd25311	460
8d6e8034 LP	461	goto translate_name;
	462	}
	463
	464	/* Otherwise, PID 1 might have dropped this information into a file in /run. This is better than accessing
	465	* /proc/1/environ, since we don't need CAP_SYS_PTRACE for that. */
	466	r = read_one_line_file("/run/systemd/container", &m);
	467	if (r >= 0) {
	468	e = m;
	469	goto translate_name;
	470	}
	471	if (r != -ENOENT)
	472	return log_debug_errno(r, "Failed to read /run/systemd/container: %m");
	473
	474	/* Fallback for cases where PID 1 was not systemd (for example, cases where init=/bin/sh is used. */
	475	r = getenv_for_pid(1, "container", &m);
	476	if (r > 0) {
fdd25311	477	e = m;
8d6e8034	478	goto translate_name;
fdd25311	479	}
8d6e8034 LP	480	if (r < 0) /* This only works if we have CAP_SYS_PTRACE, hence let's better ignore failures here */
	481	log_debug_errno(r, "Failed to read $container of PID 1, ignoring: %m");
	482
	483	/* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. Hence, if the PID shown
	484	* there is not 1, we know we are in a PID namespace. and hence a container. */
	485	r = read_one_line_file("/proc/1/sched", &m);
	486	if (r >= 0) {
	487	const char *t;
	488
	489	t = strrchr(m, '(');
	490	if (!t)
	491	return -EIO;
	492
	493	if (!startswith(t, "(1,")) {
	494	r = VIRTUALIZATION_CONTAINER_OTHER;
	495	goto finish;
	496	}
	497	} else if (r != -ENOENT)
	498	return r;
	499
	500	/* If that didn't work, give up, assume no container manager. */
	501	r = VIRTUALIZATION_NONE;
	502	goto finish;
b52aae1d	503
8d6e8034	504	translate_name:
75f86906 LP	505	for (j = 0; j < ELEMENTSOF(value_table); j++)
	506	if (streq(e, value_table[j].value)) {
	507	r = value_table[j].id;
	508	goto finish;
	509	}
0fb533a5	510
f499daf4	511	r = VIRTUALIZATION_CONTAINER_OTHER;
fdd25311	512
0fb533a5	513	finish:
8d6e8034	514	log_debug("Found container virtualization %s.", virtualization_to_string(r));
0fb533a5	515	cached_found = r;
ab94af92	516	return r;
b52aae1d LP	517	}
b52aae1d LP	518
75f86906	519	int detect_virtualization(void) {
b52aae1d	520	int r;
b52aae1d	521
75f86906	522	r = detect_container();
9f63a08d SS	523	if (r == 0)
9f63a08d SS	524	r = detect_vm();
b52aae1d	525
9f63a08d	526	return r;
b52aae1d	527	}
75f86906	528
299a34c1 ZJS	529	static int userns_has_mapping(const char *name) {
	530	_cleanup_fclose_ FILE *f = NULL;
	531	_cleanup_free_ char *buf = NULL;
	532	size_t n_allocated = 0;
	533	ssize_t n;
	534	uint32_t a, b, c;
	535	int r;
	536
	537	f = fopen(name, "re");
	538	if (!f) {
	539	log_debug_errno(errno, "Failed to open %s: %m", name);
abd67ce7	540	return errno == ENOENT ? false : -errno;
299a34c1 ZJS	541	}
	542
	543	n = getline(&buf, &n_allocated, f);
	544	if (n < 0) {
	545	if (feof(f)) {
	546	log_debug("%s is empty, we're in an uninitialized user namespace", name);
	547	return true;
	548	}
	549
	550	return log_debug_errno(errno, "Failed to read %s: %m", name);
	551	}
	552
	553	r = sscanf(buf, "%"PRIu32" %"PRIu32" %"PRIu32, &a, &b, &c);
	554	if (r < 3)
	555	return log_debug_errno(errno, "Failed to parse %s: %m", name);
	556
	557	if (a == 0 && b == 0 && c == UINT32_MAX) {
	558	/* The kernel calls mappings_overlap() and does not allow overlaps */
	559	log_debug("%s has a full 1:1 mapping", name);
	560	return false;
	561	}
	562
	563	/* Anything else implies that we are in a user namespace */
	564	log_debug("Mapping found in %s, we're in a user namespace", name);
	565	return true;
	566	}
	567
	568	int running_in_userns(void) {
	569	_cleanup_free_ char *line = NULL;
	570	int r;
	571
	572	r = userns_has_mapping("/proc/self/uid_map");
	573	if (r != 0)
	574	return r;
	575
	576	r = userns_has_mapping("/proc/self/gid_map");
	577	if (r != 0)
	578	return r;
	579
	580	/* "setgroups" file was added in kernel v3.18-rc6-15-g9cc46516dd. It is also
	581	* possible to compile a kernel without CONFIG_USER_NS, in which case "setgroups"
	582	* also does not exist. We cannot distinguish those two cases, so assume that
	583	* we're running on a stripped-down recent kernel, rather than on an old one,
	584	* and if the file is not found, return false.
	585	*/
	586	r = read_one_line_file("/proc/self/setgroups", &line);
	587	if (r < 0) {
	588	log_debug_errno(r, "/proc/self/setgroups: %m");
	589	return r == -ENOENT ? false : r;
	590	}
	591
	592	truncate_nl(line);
	593	r = streq(line, "deny");
	594	/* See user_namespaces(7) for a description of this "setgroups" contents. */
	595	log_debug("/proc/self/setgroups contains \"%s\", %s user namespace", line, r ? "in" : "not in");
	596	return r;
	597	}
	598
7f4b3c5e	599	int running_in_chroot(void) {
d6d0473d	600	int ret;
7f4b3c5e	601
08a28eec LN	602	if (getenv_bool("SYSTEMD_IGNORE_CHROOT") > 0)
	603	return 0;
	604
e3f791a2	605	ret = files_same("/proc/1/root", "/", 0);
d6d0473d LP	606	if (ret < 0)
d6d0473d LP	607	return ret;
7f4b3c5e	608
d6d0473d	609	return ret == 0;
7f4b3c5e LP	610	}
7f4b3c5e LP	611
75f86906 LP	612	static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
	613	[VIRTUALIZATION_NONE] = "none",
	614	[VIRTUALIZATION_KVM] = "kvm",
	615	[VIRTUALIZATION_QEMU] = "qemu",
	616	[VIRTUALIZATION_BOCHS] = "bochs",
	617	[VIRTUALIZATION_XEN] = "xen",
	618	[VIRTUALIZATION_UML] = "uml",
	619	[VIRTUALIZATION_VMWARE] = "vmware",
	620	[VIRTUALIZATION_ORACLE] = "oracle",
	621	[VIRTUALIZATION_MICROSOFT] = "microsoft",
	622	[VIRTUALIZATION_ZVM] = "zvm",
	623	[VIRTUALIZATION_PARALLELS] = "parallels",
aa0c3427	624	[VIRTUALIZATION_BHYVE] = "bhyve",
75f86906 LP	625	[VIRTUALIZATION_VM_OTHER] = "vm-other",
	626
	627	[VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",
	628	[VIRTUALIZATION_LXC_LIBVIRT] = "lxc-libvirt",
	629	[VIRTUALIZATION_LXC] = "lxc",
	630	[VIRTUALIZATION_OPENVZ] = "openvz",
	631	[VIRTUALIZATION_DOCKER] = "docker",
9fb16425	632	[VIRTUALIZATION_RKT] = "rkt",
75f86906 LP	633	[VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
	634	};
	635
	636	DEFINE_STRING_TABLE_LOOKUP(virtualization, int);