On Thu, Jul 14, 2011 at 02:37:20PM +0200, Adam Borowski wrote:
> On Thu, Jul 14, 2011 at 01:29:44PM +0100, Roger Leigh wrote:
> > On Thu, Jul 14, 2011 at 01:21:54PM +0200, Adam Borowski wrote:
> > > On Thu, Jul 14, 2011 at 12:15:40PM +0100, Roger Leigh wrote:
> > > > On Thu, Jul 14, 2011 at 01:01:20PM +0200, Adam Borowski wrote:
> > > > > On Thu, Jul 14, 2011 at 11:57:29AM +0100, Roger Leigh wrote:
> > > > > > What is the return value of ischroot in the vserver (when run as
> > > > > > root)?
> > > > > 
> > > > > 2 (failure to detect)
> > > > 
> > > > Does /proc (/proc/1/root) exist inside the vserver?  Is /proc
> > > > available during normal vserver operation?
> > > 
> > > It exists, but is unreadable, even to root:
> > > 
> > > [~]# ls -al /proc/1/root 
> > > ls: cannot read symbolic link /proc/1/root: Permission denied
> > > lrwxrwxrwx 1 root root 0 Jul 14 10:57 /proc/1/root
> > 
> > Is /proc/self/vinfo readable?
> 
> It is.
> 
> > We were using the following logic prior to the use of ischroot.  Does it
> > work correctly for you?
> > 
> > if [ -e /proc/self/vinfo ]; then
> >         # If XID: 0 is found, we're a vserver
> >         # host, *not* a guest, hence return
> >         # false
> >         if grep '^XID:[[:space:]]*0$' /proc/self/vinfo >/dev/null 2>&1; then
> >                 return 1
> >         fi
> > fi
> 
> It does.  Returns 1 on the host, passes through on guest.
> Both on lenny and squeeze kernels.

Great, thanks.  So that's definitely what's missing.

CCing Clint and Aurelien: Does this type of check belong in
"ischroot", or would it need adding to a separate (e.g. "isvserver")
tool?  Is the scope of ischroot limited to plain chroot(2) chroots,
or can we sanely add the above logic to extend its reach to
virtualisation containers as well?  For the current users e.g.
initscripts, udev(?), vserver-type containers also fall into the
group of chroot-like environments which we need to treat specially,
so having it in ischroot would be helpful for us since we can support
them all with a single check.  However, I wouldn't object to having it
in a separate tool if that's more appropriate; I can just do

  if ischroot || isvserver

for example.  But having it in a single tool means we can keep the
tool platform-agnostic, since hurd/kfreebsd won't support vservers,
and/or might have their own equivalents.


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
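
One way the single combined check discussed in this message could look, as an added example that is not part of the original thread and is not code from debianutils or initscripts. The names `vserver_role`, `chroot_like`, `VINFO` and `ISCHROOT` are hypothetical, and the example assumes that any non-zero XID in /proc/self/vinfo means a vserver guest.

```shell
#!/bin/sh
# Added example: treat vserver guests as chroot-like even when ischroot
# cannot decide (exit status 2, as reported for the guest in this thread).
# VINFO and ISCHROOT are hypothetical override hooks so the logic can be
# exercised against constructed files and stub commands.
: "${VINFO:=/proc/self/vinfo}"
: "${ISCHROOT:=ischroot}"

# vserver_role: print "host" (XID 0), "guest" (any other XID; assumption)
# or "none" (no readable vinfo, or no XID line in it).
vserver_role() {
    [ -r "$VINFO" ] || { echo none; return 0; }
    xid=$(sed -n 's/^XID:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$VINFO" | head -n 1)
    case "$xid" in
        '') echo none ;;
        0)  echo host ;;
        *)  echo guest ;;
    esac
}

# chroot_like: 0 = chroot or vserver guest, 1 = neither,
# 2 = could not be determined (caller must choose a safe default).
chroot_like() {
    # A guest is decided from vinfo alone, because /proc/1/root is
    # unreadable there and ischroot gives up.
    if [ "$(vserver_role)" = guest ]; then
        return 0
    fi
    # Host or non-vserver system: defer to ischroot. Anything other than
    # 0 or 1 (including 127 when the tool is missing) is "undetermined".
    rc=0
    "$ISCHROOT" || rc=$?
    case "$rc" in
        0|1) return "$rc" ;;
        *)   return 2 ;;
    esac
}
```

A caller such as an init script still has to decide what status 2 means for it; silently treating it as "not a chroot" is the failure mode this thread started from.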
