src/detect-virt/detect-virt.c

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2
   3 #include <getopt.h>
   4
   5 #include "alloc-util.h"
   6 #include "build.h"
   7 #include "confidential-virt.h"
   8 #include "log.h"
   9 #include "main-func.h"
  10 #include "pretty-print.h"
  11 #include "string-table.h"
  12 #include "virt.h"
  13
  14 static bool arg_quiet = false;
  15 static enum {
  16         ANY_VIRTUALIZATION,
  17         ONLY_VM,
  18         ONLY_CONTAINER,
  19         ONLY_CHROOT,
  20         ONLY_PRIVATE_USERS,
  21         ONLY_CVM,
  22 } arg_mode = ANY_VIRTUALIZATION;
  23
  24 static int help(void) {
  25         _cleanup_free_ char *link = NULL;
  26         int r;
  27
  28         r = terminal_urlify_man("systemd-detect-virt", "1", &link);
  29         if (r < 0)
  30                 return log_oom();
  31
  32         printf("%s [OPTIONS...]\n\n"
  33                "Detect execution in a virtualized environment.\n\n"
  34                "  -h --help             Show this help\n"
  35                "     --version          Show package version\n"
  36                "  -c --container        Only detect whether we are run in a container\n"
  37                "  -v --vm               Only detect whether we are run in a VM\n"
  38                "  -r --chroot           Detect whether we are run in a chroot() environment\n"
  39                "     --private-users    Only detect whether we are running in a user namespace\n"
  40                "     --cvm              Only detect whether we are run in a confidential VM\n"
  41                "  -q --quiet            Don't output anything, just set return value\n"
  42                "     --list             List all known and detectable types of virtualization\n"
  43                "     --list-cvm         List all known and detectable types of confidential \n"
  44                "                        virtualization\n"
  45                "\nSee the %s for details.\n",
  46                program_invocation_short_name,
  47                link);
  48
  49         return 0;
  50 }
  51
  52 static int parse_argv(int argc, char *argv[]) {
  53
  54         enum {
  55                 ARG_VERSION = 0x100,
  56                 ARG_PRIVATE_USERS,
  57                 ARG_LIST,
  58                 ARG_CVM,
  59                 ARG_LIST_CVM,
  60         };
  61
  62         static const struct option options[] = {
  63                 { "help",          no_argument, NULL, 'h'               },
  64                 { "version",       no_argument, NULL, ARG_VERSION       },
  65                 { "container",     no_argument, NULL, 'c'               },
  66                 { "vm",            no_argument, NULL, 'v'               },
  67                 { "chroot",        no_argument, NULL, 'r'               },
  68                 { "private-users", no_argument, NULL, ARG_PRIVATE_USERS },
  69                 { "quiet",         no_argument, NULL, 'q'               },
  70                 { "cvm",           no_argument, NULL, ARG_CVM           },
  71                 { "list",          no_argument, NULL, ARG_LIST          },
  72                 { "list-cvm",      no_argument, NULL, ARG_LIST_CVM      },
  73                 {}
  74         };
  75
  76         int c;
  77
  78         assert(argc >= 0);
  79         assert(argv);
  80
  81         while ((c = getopt_long(argc, argv, "hqcvr", options, NULL)) >= 0)
  82
  83                 switch (c) {
  84
  85                 case 'h':
  86                         return help();
  87
  88                 case ARG_VERSION:
  89                         return version();
  90
  91                 case 'q':
  92                         arg_quiet = true;
  93                         break;
  94
  95                 case 'c':
  96                         arg_mode = ONLY_CONTAINER;
  97                         break;
  98
  99                 case ARG_PRIVATE_USERS:
 100                         arg_mode = ONLY_PRIVATE_USERS;
 101                         break;
 102
 103                 case 'v':
 104                         arg_mode = ONLY_VM;
 105                         break;
 106
 107                 case 'r':
 108                         arg_mode = ONLY_CHROOT;
 109                         break;
 110
 111                 case ARG_LIST:
 112                         DUMP_STRING_TABLE(virtualization, Virtualization, _VIRTUALIZATION_MAX);
 113                         return 0;
 114
 115                 case ARG_CVM:
 116                         arg_mode = ONLY_CVM;
 117                         return 1;
 118
 119                 case ARG_LIST_CVM:
 120                         DUMP_STRING_TABLE(confidential_virtualization, ConfidentialVirtualization, _CONFIDENTIAL_VIRTUALIZATION_MAX);
 121                         return 0;
 122
 123                 case '?':
 124                         return -EINVAL;
 125
 126                 default:
 127                         assert_not_reached();
 128                 }
 129
 130         if (optind < argc)
 131                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 132                                        "%s takes no arguments.",
 133                                        program_invocation_short_name);
 134
 135         return 1;
 136 }
 137
 138 static int run(int argc, char *argv[]) {
 139         Virtualization v;
 140         ConfidentialVirtualization c;
 141         int r;
 142
 143         /* This is mostly intended to be used for scripts which want
 144          * to detect whether we are being run in a virtualized
 145          * environment or not */
 146
 147         log_setup();
 148
 149         r = parse_argv(argc, argv);
 150         if (r <= 0)
 151                 return r;
 152
 153         switch (arg_mode) {
 154         case ONLY_VM:
 155                 v = detect_vm();
 156                 if (v < 0)
 157                         return log_error_errno(v, "Failed to check for VM: %m");
 158                 break;
 159
 160         case ONLY_CONTAINER:
 161                 v = detect_container();
 162                 if (v < 0)
 163                         return log_error_errno(v, "Failed to check for container: %m");
 164                 break;
 165
 166         case ONLY_CHROOT:
 167                 r = running_in_chroot();
 168                 if (r < 0)
 169                         return log_error_errno(r, "Failed to check for chroot() environment: %m");
 170                 return !r;
 171
 172         case ONLY_PRIVATE_USERS:
 173                 r = running_in_userns();
 174                 if (r < 0)
 175                         return log_error_errno(r, "Failed to check for user namespace: %m");
 176                 return !r;
 177
 178         case ONLY_CVM:
 179                 c = detect_confidential_virtualization();
 180                 if (c < 0)
 181                         return log_error_errno(c, "Failed to check for confidential virtualization: %m");
 182                 if (!arg_quiet)
 183                         puts(confidential_virtualization_to_string(c));
 184                 return c == CONFIDENTIAL_VIRTUALIZATION_NONE;
 185
 186         case ANY_VIRTUALIZATION:
 187         default:
 188                 v = detect_virtualization();
 189                 if (v < 0)
 190                         return log_error_errno(v, "Failed to check for virtualization: %m");
 191         }
 192
 193         if (!arg_quiet)
 194                 puts(virtualization_to_string(v));
 195
 196         return v == VIRTUALIZATION_NONE;
 197 }
 198
 199 DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run);