Commit | Line | Data |
---|---|---|
2c4ff634 | 1 | <?xml version='1.0'?> <!--*-nxml-*--> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
eea10b26 | 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
2c4ff634 | 5 | |
dfdebb1b | 6 | <refentry id="systemd-detect-virt" |
6d0c987d | 7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
798d3a52 ZJS |
8 | |
9 | <refentryinfo> | |
10 | <title>systemd-detect-virt</title> | |
11 | <productname>systemd</productname> | |
798d3a52 ZJS |
12 | </refentryinfo> |
13 | ||
14 | <refmeta> | |
15 | <refentrytitle>systemd-detect-virt</refentrytitle> | |
16 | <manvolnum>1</manvolnum> | |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
20 | <refname>systemd-detect-virt</refname> | |
21 | <refpurpose>Detect execution in a virtualized environment</refpurpose> | |
22 | </refnamediv> | |
23 | ||
24 | <refsynopsisdiv> | |
25 | <cmdsynopsis> | |
299a34c1 ZJS |
26 | <command>systemd-detect-virt</command> |
27 | <arg choice="opt" rep="repeat">OPTIONS</arg> | |
798d3a52 ZJS |
28 | </cmdsynopsis> |
29 | </refsynopsisdiv> | |
30 | ||
31 | <refsect1> | |
32 | <title>Description</title> | |
33 | ||
34 | <para><command>systemd-detect-virt</command> detects execution in | |
35 | a virtualized environment. It identifies the virtualization | |
9c5baa43 | 36 | technology and can distinguish full machine virtualization from |
798d3a52 ZJS |
37 | container virtualization. <filename>systemd-detect-virt</filename> |
38 | exits with a return value of 0 (success) if a virtualization | |
b938cb90 | 39 | technology is detected, and non-zero (error) otherwise. By default, |
798d3a52 ZJS |
40 | any type of virtualization is detected, and the options |
41 | <option>--container</option> and <option>--vm</option> can be used | |
42 | to limit what types of virtualization are detected.</para> | |
43 | ||
44 | <para>When executed without <option>--quiet</option>, it prints a | |
45 | short identifier for the detected virtualization technology. The | |
46 | following technologies are currently identified:</para> | |
47 | ||
48 | <table> | |
49 | <title>Known virtualization technologies (both | |
50 | VM, i.e. full hardware virtualization, | |
51 | and container, i.e. shared kernel virtualization)</title> | |
52 | <tgroup cols='3' align='left' colsep='1' rowsep='1'> | |
53 | <colspec colname="type" /> | |
54 | <colspec colname="id" /> | |
55 | <colspec colname="product" /> | |
56 | <thead> | |
57 | <row> | |
6d0c987d ZJS |
58 | <entry>Type</entry> |
59 | <entry>ID</entry> | |
60 | <entry>Product</entry> | |
798d3a52 ZJS |
61 | </row> |
62 | </thead> | |
63 | <tbody> | |
64 | <row> | |
d833ed78 | 65 | <entry valign="top" morerows="16">VM</entry> |
6d0c987d | 66 | <entry><varname>qemu</varname></entry> |
5f1c788c | 67 | <entry>QEMU software virtualization, without KVM</entry> |
798d3a52 ZJS |
68 | </row> |
69 | ||
70 | <row> | |
6d0c987d | 71 | <entry><varname>kvm</varname></entry> |
b6eca373 BJ |
72 | <entry>Linux KVM kernel virtual machine, in combination with QEMU. Not used for other virtualizers using the KVM interfaces, such as Oracle VirtualBox or Amazon EC2 Nitro, see below.</entry> |
73 | </row> | |
74 | ||
75 | <row> | |
76 | <entry><varname>amazon</varname></entry> | |
77 | <entry>Amazon EC2 Nitro using Linux KVM</entry> | |
798d3a52 ZJS |
78 | </row> |
79 | ||
80 | <row> | |
6d0c987d ZJS |
81 | <entry><varname>zvm</varname></entry> |
82 | <entry>s390 z/VM</entry> | |
798d3a52 ZJS |
83 | </row> |
84 | ||
85 | <row> | |
6d0c987d ZJS |
86 | <entry><varname>vmware</varname></entry> |
87 | <entry>VMware Workstation or Server, and related products</entry> | |
798d3a52 ZJS |
88 | </row> |
89 | ||
90 | <row> | |
6d0c987d ZJS |
91 | <entry><varname>microsoft</varname></entry> |
92 | <entry>Hyper-V, also known as Viridian or Windows Server Virtualization</entry> | |
798d3a52 ZJS |
93 | </row> |
94 | ||
95 | <row> | |
6d0c987d | 96 | <entry><varname>oracle</varname></entry> |
d225fedb | 97 | <entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor</entry> |
798d3a52 ZJS |
98 | </row> |
99 | ||
3224e38b MS |
100 | <row> |
101 | <entry><varname>powervm</varname></entry> | |
8b273a47 | 102 | <entry>IBM PowerVM hypervisor — comes as firmware with some IBM POWER servers</entry> |
3224e38b MS |
103 | </row> |
104 | ||
798d3a52 | 105 | <row> |
6d0c987d ZJS |
106 | <entry><varname>xen</varname></entry> |
107 | <entry>Xen hypervisor (only domU, not dom0)</entry> | |
798d3a52 ZJS |
108 | </row> |
109 | ||
110 | <row> | |
6d0c987d ZJS |
111 | <entry><varname>bochs</varname></entry> |
112 | <entry>Bochs Emulator</entry> | |
798d3a52 ZJS |
113 | </row> |
114 | ||
115 | <row> | |
6d0c987d ZJS |
116 | <entry><varname>uml</varname></entry> |
117 | <entry>User-mode Linux</entry> | |
798d3a52 ZJS |
118 | </row> |
119 | ||
d84248eb | 120 | <row> |
6d0c987d ZJS |
121 | <entry><varname>parallels</varname></entry> |
122 | <entry>Parallels Desktop, Parallels Server</entry> | |
d84248eb EV |
123 | </row> |
124 | ||
1fdf07f5 | 125 | <row> |
aa0c3427 LBS |
126 | <entry><varname>bhyve</varname></entry> |
127 | <entry>bhyve, FreeBSD hypervisor</entry> | |
1fdf07f5 SL |
128 | </row> |
129 | ||
130 | <row> | |
131 | <entry><varname>qnx</varname></entry> | |
132 | <entry>QNX hypervisor</entry> | |
aa0c3427 LBS |
133 | </row> |
134 | ||
0f0e30ad RB |
135 | <row> |
136 | <entry><varname>acrn</varname></entry> | |
137 | <entry><ulink url="https://projectacrn.org">ACRN hypervisor</ulink></entry> | |
138 | </row> | |
139 | ||
f5558306 ZL |
140 | <row> |
141 | <entry><varname>apple</varname></entry> | |
10b8bb54 | 142 | <entry><ulink url="https://developer.apple.com/documentation/virtualization">Apple virtualization framework</ulink></entry> |
f5558306 ZL |
143 | </row> |
144 | ||
d833ed78 NM |
145 | <row> |
146 | <entry><varname>sre</varname></entry> | |
147 | <entry><ulink url="https://www.lockheedmartin.com/en-us/products/Hardened-Security-for-Intel-Processors.html">LMHS SRE hypervisor</ulink></entry> | |
148 | </row> | |
149 | ||
9b0688f4 YW |
150 | <row> |
151 | <entry><varname>google</varname></entry> | |
152 | <entry><ulink url="https://cloud.google.com/compute">Google Compute Engine</ulink></entry> | |
153 | </row> | |
154 | ||
798d3a52 | 155 | <row> |
ddd6dd9f | 156 | <entry valign="top" morerows="9">Container</entry> |
6d0c987d ZJS |
157 | <entry><varname>openvz</varname></entry> |
158 | <entry>OpenVZ/Virtuozzo</entry> | |
798d3a52 ZJS |
159 | </row> |
160 | ||
161 | <row> | |
6d0c987d ZJS |
162 | <entry><varname>lxc</varname></entry> |
163 | <entry>Linux container implementation by LXC</entry> | |
798d3a52 ZJS |
164 | </row> |
165 | ||
166 | <row> | |
6d0c987d ZJS |
167 | <entry><varname>lxc-libvirt</varname></entry> |
168 | <entry>Linux container implementation by libvirt</entry> | |
798d3a52 ZJS |
169 | </row> |
170 | ||
171 | <row> | |
6d0c987d ZJS |
172 | <entry><varname>systemd-nspawn</varname></entry> |
173 | <entry>systemd's minimal container implementation, see <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></entry> | |
798d3a52 ZJS |
174 | </row> |
175 | ||
176 | <row> | |
6d0c987d ZJS |
177 | <entry><varname>docker</varname></entry> |
178 | <entry>Docker container manager</entry> | |
798d3a52 | 179 | </row> |
9fb16425 | 180 | |
90fb1f09 ZJS |
181 | <row> |
182 | <entry><varname>podman</varname></entry> | |
183 | <entry><ulink url="https://podman.io">Podman</ulink> container manager</entry> | |
184 | </row> | |
185 | ||
9fb16425 | 186 | <row> |
6d0c987d ZJS |
187 | <entry><varname>rkt</varname></entry> |
188 | <entry>rkt app container runtime</entry> | |
9fb16425 | 189 | </row> |
6c8a2c67 BR |
190 | |
191 | <row> | |
192 | <entry><varname>wsl</varname></entry> | |
193 | <entry><ulink url="https://docs.microsoft.com/en-us/windows/wsl/about">Windows Subsystem for Linux</ulink></entry> | |
194 | </row> | |
80cc3e3e CD |
195 | |
196 | <row> | |
197 | <entry><varname>proot</varname></entry> | |
198 | <entry><ulink url="https://proot-me.github.io/">proot</ulink> userspace chroot/bind mount emulation</entry> | |
199 | </row> | |
abac810b WY |
200 | |
201 | <row> | |
202 | <entry><varname>pouch</varname></entry> | |
203 | <entry><ulink url="https://github.com/alibaba/pouch">Pouch</ulink> Container Engine</entry> | |
204 | </row> | |
798d3a52 ZJS |
205 | </tbody> |
206 | </tgroup> | |
207 | </table> | |
208 | ||
209 | <para>If multiple virtualization solutions are used, only the | |
9c5baa43 JE |
210 | "innermost" is detected and identified. That means if both |
211 | machine and container virtualization are used in | |
798d3a52 ZJS |
212 | conjunction, only the latter will be identified (unless |
213 | <option>--vm</option> is passed).</para> | |
6c8a2c67 BR |
214 | <para> Windows Subsystem for Linux is not a Linux container, |
215 | but an environment for running Linux userspace applications on | |
216 | top of the Windows kernel using a Linux-compatible interface. | |
217 | WSL is categorized as a container for practical purposes. | |
218 | Multiple WSL environments share the same kernel, and services | |
219 | should generally behave as they do when run in a container.</para> | |
798d3a52 ZJS |
220 | </refsect1> |
221 | ||
222 | <refsect1> | |
223 | <title>Options</title> | |
224 | ||
225 | <para>The following options are understood:</para> | |
226 | ||
227 | <variablelist> | |
228 | <varlistentry> | |
229 | <term><option>-c</option></term> | |
230 | <term><option>--container</option></term> | |
231 | ||
232 | <listitem><para>Only detects container virtualization (i.e. | |
233 | shared kernel virtualization).</para></listitem> | |
234 | </varlistentry> | |
235 | ||
236 | <varlistentry> | |
237 | <term><option>-v</option></term> | |
238 | <term><option>--vm</option></term> | |
239 | ||
4ee17545 | 240 | <listitem><para>Only detects hardware virtualization.</para></listitem> |
798d3a52 ZJS |
241 | </varlistentry> |
242 | ||
d21be5ff LP |
243 | <varlistentry> |
244 | <term><option>-r</option></term> | |
245 | <term><option>--chroot</option></term> | |
246 | ||
247 | <listitem><para>Detect whether invoked in a | |
248 | <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry> | |
b938cb90 | 249 | environment. In this mode, no output is written, but the return |
d21be5ff LP |
250 | value indicates whether the process was invoked in a |
251 | <function>chroot()</function> | |
ec07c3c8 AK |
252 | environment or not.</para> |
253 | ||
254 | <xi:include href="version-info.xml" xpointer="v228"/></listitem> | |
d21be5ff LP |
255 | </varlistentry> |
256 | ||
299a34c1 ZJS |
257 | <varlistentry> |
258 | <term><option>--private-users</option></term> | |
259 | ||
260 | <listitem><para>Detect whether invoked in a user namespace. In this mode, no | |
261 | output is written, but the return value indicates whether the process was invoked | |
262 | inside of a user namespace or not. See | |
263 | <citerefentry project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry> | |
ec07c3c8 AK |
264 | for more information.</para> |
265 | ||
266 | <xi:include href="version-info.xml" xpointer="v232"/></listitem> | |
299a34c1 ZJS |
267 | </varlistentry> |
268 | ||
5e0c61f6 DB |
269 | <varlistentry> |
270 | <term><option>--cvm</option></term> | |
271 | ||
272 | <listitem><para>Detect whether invoked in a confidential virtual machine. | |
273 | The result of this detection may be used to disable features that should | |
274 | not be used in confidential VMs. The detection result is not a substitute for attestation, so it must not be used to release | |
275 | security-sensitive information. The latter must only be released after attestation | |
ec07c3c8 AK |
276 | of the confidential environment.</para> |
277 | ||
278 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
5e0c61f6 DB |
279 | </varlistentry> |
280 | ||
798d3a52 ZJS |
281 | <varlistentry> |
282 | <term><option>-q</option></term> | |
283 | <term><option>--quiet</option></term> | |
284 | ||
285 | <listitem><para>Suppress output of the virtualization | |
286 | technology identifier.</para></listitem> | |
287 | </varlistentry> | |
288 | ||
39824629 LP |
289 | <varlistentry> |
290 | <term><option>--list</option></term> | |
291 | ||
ec07c3c8 AK |
292 | <listitem><para>Output all currently known and detectable container and VM environments.</para> |
293 | ||
294 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
39824629 LP |
295 | </varlistentry> |
296 | ||
f460fec9 DB |
297 | <varlistentry> |
298 | <term><option>--list-cvm</option></term> | |
299 | ||
ec07c3c8 AK |
300 | <listitem><para>Output all currently known and detectable confidential virtualization technologies.</para> |
301 | ||
302 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
f460fec9 DB |
303 | </varlistentry> |
304 | ||
798d3a52 ZJS |
305 | <xi:include href="standard-options.xml" xpointer="help" /> |
306 | <xi:include href="standard-options.xml" xpointer="version" /> | |
307 | </variablelist> | |
308 | ||
309 | </refsect1> | |
310 | ||
311 | <refsect1> | |
312 | <title>Exit status</title> | |
313 | ||
314 | <para>If a virtualization technology is detected, 0 is returned; | |
315 | otherwise, a non-zero code is returned.</para> | |
316 | </refsect1> | |
317 | ||
318 | <refsect1> | |
319 | <title>See Also</title> | |
13a69c12 DT |
320 | <para><simplelist type="inline"> |
321 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
322 | <member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
323 | <member><citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry></member> | |
324 | <member><citerefentry project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry></member> | |
325 | </simplelist></para> | |
798d3a52 | 326 | </refsect1> |
2c4ff634 LP |
327 | |
328 | </refentry> |