ssh-generator: don't do AF_VSOCK stuff if we run in a container
authorLennart Poettering <lennart@poettering.net>
Thu, 29 Feb 2024 17:19:07 +0000 (18:19 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Thu, 29 Feb 2024 20:43:12 +0000 (20:43 +0000)
Tighten our VM check: whether we run in a VM is not enough to do
AF_VSOCK. We also need to check if we are run in a container, because if
we run in a container inside a VM then we should *not* do the AF_VSOCK
stuff, but leave the port free for the VM itself.

As discussed here:

https://github.com/systemd/systemd/pull/31544#issuecomment-1971455401

src/ssh-generator/ssh-generator.c

index f906b4756840e62c0c965ddd6098b6ffae0e3ff9..6fdd4ec27f305f256d3efe4ac09d0cc31249f7f7 100644 (file)
@@ -184,10 +184,11 @@ static int add_vsock_socket(
         assert(dest);
         assert(generated_sshd_template_unit);
 
-        Virtualization v = detect_vm();
+        Virtualization v = detect_virtualization();
         if (v < 0)
                 return log_error_errno(v, "Failed to detect if we run in a VM: %m");
-        if (v == VIRTUALIZATION_NONE) {
+        if (!VIRTUALIZATION_IS_VM(v)) {
+                /* NB: if we are running in a container inside a VM, then we'll *not* do AF_VSOCK stuff */
                 log_debug("Not running in a VM, not listening on AF_VSOCK.");
                 return 0;
         }
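Review bot: The two log messages left as context in this hunk no longer match the check. The early return now also fires for a container nested inside a VM, yet it still logs `Not running in a VM, not listening on AF_VSOCK.`, which will mislead anyone debugging why the vsock SSH listener is missing. I would change it to `log_debug("Not running in a VM, or running in a container, not listening on AF_VSOCK.");` and the error path to `"Failed to detect virtualization: %m"`. The new comment also depends on detect_virtualization() reporting the container rather than the enclosing VM when both apply, which is not visible in this hunk, so it is worth saying so in the comment. add_vsock_socket() begins and ends outside the hunk.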