diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
index 28d997cfa9..d599ac20f1 100644
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -62,7 +62,7 @@
- VM
+ VM
qemu
QEMU software virtualization, without KVM
@@ -128,7 +128,7 @@
- Container
+ Container
openvz
OpenVZ/Virtuozzo
@@ -153,6 +153,11 @@
Docker container manager
+
+ podman
+ Podman container manager
+
+
rkt
rkt app container runtime
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index fdeaef3db4..4b283880c3 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -1089,6 +1089,7 @@
lxc-libvirt,
systemd-nspawn,
docker,
+ podman,
rkt,
wsl,
acrn to test
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 284d9b4d44..84b2d64b25 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -428,7 +428,6 @@ finish:
}
int detect_container(void) {
-
static const struct {
const char *value;
int id;
@@ -437,6 +436,7 @@ int detect_container(void) {
{ "lxc-libvirt", VIRTUALIZATION_LXC_LIBVIRT },
{ "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
{ "docker", VIRTUALIZATION_DOCKER },
+ { "podman", VIRTUALIZATION_PODMAN },
{ "rkt", VIRTUALIZATION_RKT },
{ "wsl", VIRTUALIZATION_WSL },
};
@@ -468,9 +468,15 @@ int detect_container(void) {
}
if (getpid_cached() == 1) {
- /* If we are PID 1 we can just check our own environment variable, and that's authoritative. */
-
+ /* If we are PID 1 we can just check our own environment variable, and that's authoritative.
+ * We distinguish three cases:
+ * - the variable is not defined → we jump to other checks
+ * - the variable is defined to an empty value → we are not in a container
+ * - anything else → some container, either one of the known ones or "container-other"
+ */
e = getenv("container");
+ if (!e)
+ goto check_sched;
if (isempty(e)) {
r = VIRTUALIZATION_NONE;
goto finish;
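Review bot: The rewritten comment still opens by calling PID 1's own `$container` authoritative, but with the added `if (!e) goto check_sched;` that holds only when the variable is defined. An unset variable now hands the decision to the `/proc/1/sched` heuristic at the `check_sched:` label, which is introduced in the next hunk. Since the result feeds checks such as ConditionVirtualization= (whose value list this commit extends), I would word the first sentence as `/* If we are PID 1, a defined $container is authoritative; if it is unset we fall back to the heuristics below. */` and keep the three-case list. The unset/empty distinction is also a contract for container managers, because an explicitly empty value yields "not in a container", and I see no mention of it in the man page changes in this commit. The enclosing `detect_container()` starts and ends outside the hunk.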
@@ -498,8 +504,9 @@ int detect_container(void) {
if (r < 0) /* This only works if we have CAP_SYS_PTRACE, hence let's better ignore failures here */
log_debug_errno(r, "Failed to read $container of PID 1, ignoring: %m");
- /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. Hence, if the PID shown
- * there is not 1, we know we are in a PID namespace. and hence a container. */
+ /* Interestingly /proc/1/sched actually shows the host's PID for what we see as PID 1. If the PID
+ * shown there is not 1, we know we are in a PID namespace and hence a container. */
+ check_sched:
r = read_one_line_file("/proc/1/sched", &m);
if (r >= 0) {
const char *t;
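Review bot: `check_sched:` is now reached from two places, the fall-through after the failed read of PID 1's `$container` and the new jump from the PID 1 branch, but the comment above it describes only the heuristic and not who arrives here. A line such as `/* Reached by fall-through, and from PID 1 when $container is unset. */` directly above the label would make the second entry visible. Because PID 1 without `$container` now depends entirely on this check, the comment should also say that it is a heuristic: it relies on the kernel printing the host-side PID in `/proc/1/sched`, and as far as I know some kernels print the namespace-local PID instead, in which case the code would presumably report no container. The rest of the block, including what happens when the read fails, is outside the hunk.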
@@ -649,6 +656,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
[VIRTUALIZATION_LXC] = "lxc",
[VIRTUALIZATION_OPENVZ] = "openvz",
[VIRTUALIZATION_DOCKER] = "docker",
+ [VIRTUALIZATION_PODMAN] = "podman",
[VIRTUALIZATION_RKT] = "rkt",
[VIRTUALIZATION_WSL] = "wsl",
[VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
diff --git a/src/basic/virt.h b/src/basic/virt.h
index c0836897f6..26f409afd0 100644
--- a/src/basic/virt.h
+++ b/src/basic/virt.h
@@ -31,6 +31,7 @@ enum {
VIRTUALIZATION_LXC,
VIRTUALIZATION_OPENVZ,
VIRTUALIZATION_DOCKER,
+ VIRTUALIZATION_PODMAN,
VIRTUALIZATION_RKT,
VIRTUALIZATION_WSL,
VIRTUALIZATION_CONTAINER_OTHER,