From: Lennart Poettering
Date: Mon, 8 Jan 2024 15:14:44 +0000 (+0100)
Subject: id128-util: do not expose product UUID when running in a container
X-Git-Tag: v256-rc1~1226^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5ee5b1659aad07a6b718de2868124d490c0dfb73;p=thirdparty%2Fsystemd.git

id128-util: do not expose product UUID when running in a container

When we run in a container we should show our own system's info, not the hosts hence suppress this info in that case. This matches the behaviour of most other calls in hostnamed to expose system properties.
---
diff --git a/src/libsystemd/sd-id128/id128-util.c b/src/libsystemd/sd-id128/id128-util.c
index 69fc1bf07e5..5808cea7576 100644
--- a/src/libsystemd/sd-id128/id128-util.c
+++ b/src/libsystemd/sd-id128/id128-util.c
@@ -13,6 +13,7 @@
 #include "stdio-util.h"
 #include "string-util.h"
 #include "sync-util.h"
+#include "virt.h"
 
 int id128_from_string_nonzero(const char *s, sd_id128_t *ret) {
 sd_id128_t t;
@@ -223,6 +224,13 @@ int id128_get_product(sd_id128_t *ret) {
 /* Reads the systems product UUID from DMI or devicetree (where it is located on POWER). This is
 * particularly relevant in VM environments, where VM managers typically place a VM uuid there. */
 
+ r = detect_container();
+ if (r < 0)
+ return r;
+ if (r > 0) /* Refuse returning this in containers, as this is not a property of our system then, but
+ * of the host */
+ return -ENOENT;
+
 r = id128_read("/sys/class/dmi/id/product_uuid", ID128_FORMAT_UUID, &uuid);
 if (r == -ENOENT)
 r = id128_read("/proc/device-tree/vm,uuid", ID128_FORMAT_UUID, &uuid);
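Review bot: The new `detect_container()` guard in `id128_get_product()` returns `-ENOENT` for "running in a container", which looks like the same code the `id128_read()` fallbacks below it yield when no UUID source exists, so a caller cannot tell deliberate suppression from absence. If that is intended, the function's leading comment should state the contract, e.g. `/* Returns -ENOENT if no product UUID is available, or if we run in a container (where it would describe the host, not us). */`. The `if (r < 0) return r;` branch also turns a failed container detection into a hard failure of a call that previously went straight to reading the file; it is worth confirming that the call sites, which are not visible here, tolerate error codes other than `-ENOENT`. This check only suppresses the value for users of this helper: nothing in the hunk restricts reading the sysfs path directly, so keeping the host UUID away from container workloads still depends on the container manager masking that file. The function starts and ends outside the hunk.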