From: Zbigniew Jędrzejewski-Szmek Date: Fri, 26 Apr 2019 11:37:31 +0000 (+0200) Subject: basic/virt: try the /proc/1/sched hack also for PID1 X-Git-Tag: v243-rc1~502^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=342bed02084c4396dd2f1054bd559bfb2699cfcb;p=thirdparty%2Fsystemd.git basic/virt: try the /proc/1/sched hack also for PID1 If a container manager does not set $container, we could end up in a strange situation when detect-virt returns container-other when run as non-pid-1 and none when run as pid-1. --- diff --git a/src/basic/virt.c b/src/basic/virt.c index 5dd1bd6633f..1a213bb22eb 100644 --- a/src/basic/virt.c +++ b/src/basic/virt.c @@ -428,7 +428,6 @@ finish: } int detect_container(void) { - static const struct { const char *value; int id; @@ -468,9 +467,15 @@ int detect_container(void) { } if (getpid_cached() == 1) { - /* If we are PID 1 we can just check our own environment variable, and that's authoritative. */ - + /* If we are PID 1 we can just check our own environment variable, and that's authoritative. + * We distinguish three cases: + * - the variable is not defined → we jump to other checks + * - the variable is defined to an empty value → we are not in a container + * - anything else → some container, either one of the known ones or "container-other" + */ e = getenv("container"); + if (!e) + goto check_sched; if (isempty(e)) { r = VIRTUALIZATION_NONE; goto finish; 
@@ -498,8 +503,9 @@ int detect_container(void) { if (r < 0) /* This only works if we have CAP_SYS_PTRACE, hence let's better ignore failures here */ log_debug_errno(r, "Failed to read $container of PID 1, ignoring: %m"); - /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. Hence, if the PID shown - * there is not 1, we know we are in a PID namespace. and hence a container. */ + /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. If the PID + * shown there is not 1, we know we are in a PID namespace and hence a container. */ + check_sched: r = read_one_line_file("/proc/1/sched", &m); if (r >= 0) { const char *t;
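Review bot: In the hunk at -468,9 +467,15, the rewritten comment still opens with "we can just check our own environment variable, and that's authoritative", but the added `if (!e) goto check_sched;` makes the variable authoritative only when it is set. Suggest rewording the first sentence to say so. The first bullet could also name the fallback instead of "other checks": the jump target in the following hunk sits directly before `read_one_line_file("/proc/1/sched", &m)`, so a reader of this branch should be told that an unset $container under PID 1 is decided by the /proc/1/sched heuristic.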
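Review bot: In the hunk at -498,8 +503,9, the new `check_sched:` label is entered by a forward goto from inside the `getpid_cached() == 1` branch. This makes the control flow harder to follow, and the label itself carries no note that it is reached from two paths. The comment above it describes the heuristic but not that PID 1 now lands here when $container is unset. Suggest either adding a one-line comment at the label that names both callers, or moving the /proc/1/sched probe into a small static helper that both the PID 1 path and the non-PID-1 path call, which removes the label. The indentation of `check_sched:` should also match how the existing `finish:` label is written.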