man/systemd-detect-virt.xml

   1 <?xml version='1.0'?> <!--*-nxml-*-->
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
   4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
   5
   6 <refentry id="systemd-detect-virt"
   7           xmlns:xi="http://www.w3.org/2001/XInclude">
   8
   9   <refentryinfo>
  10     <title>systemd-detect-virt</title>
  11     <productname>systemd</productname>
  12   </refentryinfo>
  13
  14   <refmeta>
  15     <refentrytitle>systemd-detect-virt</refentrytitle>
  16     <manvolnum>1</manvolnum>
  17   </refmeta>
  18
  19   <refnamediv>
  20     <refname>systemd-detect-virt</refname>
  21     <refpurpose>Detect execution in a virtualized environment</refpurpose>
  22   </refnamediv>
  23
  24   <refsynopsisdiv>
  25     <cmdsynopsis>
  26       <command>systemd-detect-virt</command>
  27       <arg choice="opt" rep="repeat">OPTIONS</arg>
  28     </cmdsynopsis>
  29   </refsynopsisdiv>
  30
  31   <refsect1>
  32     <title>Description</title>
  33
  34     <para><command>systemd-detect-virt</command> detects execution in
  35     a virtualized environment. It identifies the virtualization
  36     technology and can distinguish full machine virtualization from
  37     container virtualization. <filename>systemd-detect-virt</filename>
  38     exits with a return value of 0 (success) if a virtualization
  39     technology is detected, and non-zero (error) otherwise. By default,
  40     any type of virtualization is detected, and the options
  41     <option>--container</option> and <option>--vm</option> can be used
  42     to limit what types of virtualization are detected.</para>
  43
  44     <para>When executed without <option>--quiet</option> will print a
  45     short identifier for the detected virtualization technology. The
  46     following technologies are currently identified:</para>
  47
  48     <table>
  49       <title>Known virtualization technologies (both
  50       VM, i.e. full hardware virtualization,
  51       and container, i.e. shared kernel virtualization)</title>
  52       <tgroup cols='3' align='left' colsep='1' rowsep='1'>
  53         <colspec colname="type" />
  54         <colspec colname="id" />
  55         <colspec colname="product" />
  56         <thead>
  57           <row>
  58             <entry>Type</entry>
  59             <entry>ID</entry>
  60             <entry>Product</entry>
  61           </row>
  62         </thead>
  63         <tbody>
  64           <row>
  65             <entry valign="top" morerows="16">VM</entry>
  66             <entry><varname>qemu</varname></entry>
  67             <entry>QEMU software virtualization, without KVM</entry>
  68           </row>
  69
  70           <row>
  71             <entry><varname>kvm</varname></entry>
  72             <entry>Linux KVM kernel virtual machine, in combination with QEMU. Not used for other virtualizers using the KVM interfaces, such as Oracle VirtualBox or Amazon EC2 Nitro, see below.</entry>
  73           </row>
  74
  75           <row>
  76             <entry><varname>amazon</varname></entry>
  77             <entry>Amazon EC2 Nitro using Linux KVM</entry>
  78           </row>
  79
  80           <row>
  81             <entry><varname>zvm</varname></entry>
  82             <entry>s390 z/VM</entry>
  83           </row>
  84
  85           <row>
  86             <entry><varname>vmware</varname></entry>
  87             <entry>VMware Workstation or Server, and related products</entry>
  88           </row>
  89
  90           <row>
  91             <entry><varname>microsoft</varname></entry>
  92             <entry>Hyper-V, also known as Viridian or Windows Server Virtualization</entry>
  93           </row>
  94
  95           <row>
  96             <entry><varname>oracle</varname></entry>
  97             <entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor</entry>
  98           </row>
  99
 100           <row>
 101             <entry><varname>powervm</varname></entry>
 102             <entry>IBM PowerVM hypervisor — comes as firmware with some IBM POWER servers</entry>
 103           </row>
 104
 105           <row>
 106             <entry><varname>xen</varname></entry>
 107             <entry>Xen hypervisor (only domU, not dom0)</entry>
 108           </row>
 109
 110           <row>
 111             <entry><varname>bochs</varname></entry>
 112             <entry>Bochs Emulator</entry>
 113           </row>
 114
 115           <row>
 116             <entry><varname>uml</varname></entry>
 117             <entry>User-mode Linux</entry>
 118           </row>
 119
 120           <row>
 121             <entry><varname>parallels</varname></entry>
 122             <entry>Parallels Desktop, Parallels Server</entry>
 123           </row>
 124
 125           <row>
 126             <entry><varname>bhyve</varname></entry>
 127             <entry>bhyve, FreeBSD hypervisor</entry>
 128           </row>
 129
 130           <row>
 131             <entry><varname>qnx</varname></entry>
 132             <entry>QNX hypervisor</entry>
 133           </row>
 134
 135           <row>
 136             <entry><varname>acrn</varname></entry>
 137             <entry><ulink url="https://projectacrn.org">ACRN hypervisor</ulink></entry>
 138           </row>
 139
 140           <row>
 141             <entry><varname>apple</varname></entry>
 142             <entry><ulink url="https://developer.apple.com/documentation/virtualization">Apple virtualization framework</ulink></entry>
 143           </row>
 144
 145           <row>
 146             <entry><varname>sre</varname></entry>
 147             <entry><ulink url="https://www.lockheedmartin.com/en-us/products/Hardened-Security-for-Intel-Processors.html">LMHS SRE hypervisor</ulink></entry>
 148           </row>
 149
 150           <row>
 151             <entry><varname>google</varname></entry>
 152             <entry><ulink url="https://cloud.google.com/compute">Google Compute Engine</ulink></entry>
 153           </row>
 154
 155           <row>
 156             <entry valign="top" morerows="9">Container</entry>
 157             <entry><varname>openvz</varname></entry>
 158             <entry>OpenVZ/Virtuozzo</entry>
 159           </row>
 160
 161           <row>
 162             <entry><varname>lxc</varname></entry>
 163             <entry>Linux container implementation by LXC</entry>
 164           </row>
 165
 166           <row>
 167             <entry><varname>lxc-libvirt</varname></entry>
 168             <entry>Linux container implementation by libvirt</entry>
 169           </row>
 170
 171           <row>
 172             <entry><varname>systemd-nspawn</varname></entry>
 173             <entry>systemd's minimal container implementation, see <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></entry>
 174           </row>
 175
 176           <row>
 177             <entry><varname>docker</varname></entry>
 178             <entry>Docker container manager</entry>
 179           </row>
 180
 181           <row>
 182             <entry><varname>podman</varname></entry>
 183             <entry><ulink url="https://podman.io">Podman</ulink> container manager</entry>
 184           </row>
 185
 186           <row>
 187             <entry><varname>rkt</varname></entry>
 188             <entry>rkt app container runtime</entry>
 189           </row>
 190
 191           <row>
 192             <entry><varname>wsl</varname></entry>
 193             <entry><ulink url="https://docs.microsoft.com/en-us/windows/wsl/about">Windows Subsystem for Linux</ulink></entry>
 194           </row>
 195
 196           <row>
 197             <entry><varname>proot</varname></entry>
 198             <entry><ulink url="https://proot-me.github.io/">proot</ulink> userspace chroot/bind mount emulation</entry>
 199           </row>
 200
 201           <row>
 202             <entry><varname>pouch</varname></entry>
 203             <entry><ulink url="https://github.com/alibaba/pouch">Pouch</ulink> Container Engine</entry>
 204           </row>
 205         </tbody>
 206       </tgroup>
 207     </table>
 208
 209     <para>If multiple virtualization solutions are used, only the
 210     "innermost" is detected and identified. That means if both
 211     machine and container virtualization are used in
 212     conjunction, only the latter will be identified (unless
 213     <option>--vm</option> is passed).</para>
 214     <para> Windows Subsystem for Linux is not a Linux container,
 215     but an environment for running Linux userspace applications on
 216     top of the Windows kernel using a Linux-compatible interface.
 217     WSL is categorized as a container for practical purposes.
 218     Multiple WSL environments share the same kernel and services
 219     should generally behave like when being run in a container.</para>
 220   </refsect1>
 221
 222   <refsect1>
 223     <title>Options</title>
 224
 225     <para>The following options are understood:</para>
 226
 227     <variablelist>
 228       <varlistentry>
 229         <term><option>-c</option></term>
 230         <term><option>--container</option></term>
 231
 232         <listitem><para>Only detects container virtualization (i.e.
 233         shared kernel virtualization).</para></listitem>
 234       </varlistentry>
 235
 236       <varlistentry>
 237         <term><option>-v</option></term>
 238         <term><option>--vm</option></term>
 239
 240         <listitem><para>Only detects hardware virtualization.</para></listitem>
 241       </varlistentry>
 242
 243       <varlistentry>
 244         <term><option>-r</option></term>
 245         <term><option>--chroot</option></term>
 246
 247         <listitem><para>Detect whether invoked in a
 248         <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
 249         environment. In this mode, no output is written, but the return
 250         value indicates whether the process was invoked in a
 251         <function>chroot()</function>
 252         environment or not.</para>
 253
 254         <xi:include href="version-info.xml" xpointer="v228"/></listitem>
 255       </varlistentry>
 256
 257       <varlistentry>
 258         <term><option>--private-users</option></term>
 259
 260         <listitem><para>Detect whether invoked in a user namespace.  In this mode, no
 261         output is written, but the return value indicates whether the process was invoked
 262         inside of a user namespace or not. See
 263         <citerefentry project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>
 264         for more information.</para>
 265
 266         <xi:include href="version-info.xml" xpointer="v232"/></listitem>
 267       </varlistentry>
 268
 269       <varlistentry>
 270         <term><option>--cvm</option></term>
 271
 272         <listitem><para>Detect whether invoked in a confidential virtual machine.
 273         The result of this detection may be used to disable features that should
 274         not be used in confidential VMs. It must not be used to release security
 275         sensitive information. The latter must only be released after attestation
 276         of the confidential environment.</para>
 277
 278         <xi:include href="version-info.xml" xpointer="v254"/></listitem>
 279       </varlistentry>
 280
 281       <varlistentry>
 282         <term><option>-q</option></term>
 283         <term><option>--quiet</option></term>
 284
 285         <listitem><para>Suppress output of the virtualization
 286         technology identifier.</para></listitem>
 287       </varlistentry>
 288
 289       <varlistentry>
 290         <term><option>--list</option></term>
 291
 292         <listitem><para>Output all currently known and detectable container and VM environments.</para>
 293
 294         <xi:include href="version-info.xml" xpointer="v239"/></listitem>
 295       </varlistentry>
 296
 297       <varlistentry>
 298         <term><option>--list-cvm</option></term>
 299
 300         <listitem><para>Output all currently known and detectable confidential virtualization technologies.</para>
 301
 302         <xi:include href="version-info.xml" xpointer="v254"/></listitem>
 303       </varlistentry>
 304
 305       <xi:include href="standard-options.xml" xpointer="help" />
 306       <xi:include href="standard-options.xml" xpointer="version" />
 307     </variablelist>
 308
 309   </refsect1>
 310
 311   <refsect1>
 312     <title>Exit status</title>
 313
 314     <para>If a virtualization technology is detected, 0 is returned, a
 315     non-zero code otherwise.</para>
 316   </refsect1>
 317
 318   <refsect1>
 319     <title>See Also</title>
 320     <para><simplelist type="inline">
 321       <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
 322       <member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
 323       <member><citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry></member>
 324       <member><citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
 325     </simplelist></para>
 326   </refsect1>
 327
 328 </refentry>