Hi Daniel,
On 1/4/20 9:07, Daniel Abrecht via Dng wrote:
Hi,
What's the point of trying to detect if eudev is run in a container?
Is it just to not start it in that case?
Would it just fail to start in them otherwise?
Is that actually a problem?
And could eudev not just be uninstalled in a container?
I don't know. But, as far as I know, this question arises from the
developers of runit.
In any case, I don't like the idea of doing hacks like looking at
inode numbers or trying to determine if there is a container or not.
In addition to this, I don't like the idea of checking for being in a
container in general.
Instead, I would check for reasons why it doesn't work in a container,
choose a sensible thing to check for out of those reasons, and then
check for that.
In this case, I would assume the following, although I haven't checked:
1) the container hypervisor (lxc/lxc, docker, libvirt-lxc, etc.) is
responsible for managing/creating device files
2) eudev exists for managing/creating device files in other kinds of
systems
3) device files can't be created in a container
4) 3. is due to the container hypervisor removing the cap_mknod
capability from containers
Given those assumptions, I think the sensible thing would be to either
check for the mknod capability, or check if device nodes can't be
created in /dev/ due to a lack of permissions. I think that's closer
to the reason why one may not want to start eudev than trying to
check whether we're in a container.
Eudev already has a function regarding these functionalities:
[...]
        if (getpid() == 1) {
                /* If we are PID 1 we can just check our own
                 * environment variable */
                e = getenv("container");
                if (isempty(e)) {
                        r = 0;
                        goto finish;
                }
        } else {
                /* Otherwise, PID 1 dropped this information into a
                 * file in UDEV_ROOT_RUN. This is better than accessing
                 * /proc/1/environ, since we don't need CAP_SYS_PTRACE
                 * for that. */
                <cut> ** THIS PART DEPENDS SOMEHOW ON SYSTEMD ** <\cut>
        }

        /* We only recognize a selected few here, since we want to
         * enforce a redacted namespace */
        if (streq(e, "lxc"))
                _id = "lxc";
        else if (streq(e, "lxc-libvirt"))
                _id = "lxc-libvirt";
        else if (streq(e, "systemd-nspawn"))
                _id = "systemd-nspawn";
        else if (streq(e, "docker"))
                _id = "docker";
        else
                _id = "other";
[...]
Have a look at the code of:
int detect_container(const char **id) { ... }
in the file "virt.c":
https://github.com/gentoo/eudev/blob/master/src/shared/virt.c
Cheers,
Aitor.
_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
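The two checks Aitor proposes above (look for CAP_MKNOD, or simply try to create a device node in /dev/ and see whether permission is refused), as an added example that is not part of the mail and not eudev's own code. It reads the CapEff mask from /proc/self/status (CAP_MKNOD is bit 27 in the kernel's capability numbering) and, separately, attempts a throwaway mknod() in a directory and cleans it up again. The probe file name and the status-text samples are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <unistd.h>

/* CAP_MKNOD is bit 27 of the capability bitmask (linux/capability.h). */
#define CAP_MKNOD_BIT 27

/* Parse a /proc/<pid>/status text and report whether CAP_MKNOD is in the
 * effective set.  Returns 1 if set, 0 if clear, -1 if no usable CapEff
 * line is present. */
int capeff_has_mknod(const char *status_text)
{
        const char *line = status_text;

        while (line && *line) {
                if (strncmp(line, "CapEff:", 7) == 0) {
                        const char *p = line + 7;
                        char *end;
                        unsigned long long mask;

                        while (*p == ' ' || *p == '\t')
                                p++;
                        errno = 0;
                        mask = strtoull(p, &end, 16);
                        if (end == p || errno != 0)
                                return -1;
                        return (int)((mask >> CAP_MKNOD_BIT) & 1ULL);
                }
                line = strchr(line, '\n');
                if (line)
                        line++;
        }
        return -1;
}

/* Same check against the calling process's own /proc/self/status. */
int self_has_cap_mknod(void)
{
        char buf[8192];
        size_t n;
        FILE *f = fopen("/proc/self/status", "r");

        if (!f)
                return -1;
        n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        buf[n] = '\0';
        return capeff_has_mknod(buf);
}

/* Try the operation itself: create a throwaway character device node in
 * dir and remove it again.  Returns 1 if mknod() succeeded, 0 if it was
 * refused with EPERM or EACCES (what a restricted container reports),
 * -1 for any other error (dir missing, read-only filesystem, ...).
 * The ".mknod-probe-<pid>" name is a choice made for this example. */
int can_mknod_in(const char *dir)
{
        char path[PATH_MAX];
        int n = snprintf(path, sizeof path, "%s/.mknod-probe-%ld",
                         dir, (long)getpid());

        if (n < 0 || (size_t)n >= sizeof path)
                return -1;
        /* 1:3 is the Linux null device, a harmless choice for a probe. */
        if (mknod(path, S_IFCHR | 0600, makedev(1, 3)) == 0) {
                unlink(path);
                return 1;
        }
        if (errno == EPERM || errno == EACCES)
                return 0;
        return -1;
}

int main(void)
{
        int cap = self_has_cap_mknod();
        int probe = can_mknod_in("/dev");

        printf("CAP_MKNOD in effective set: %s\n",
               cap == 1 ? "yes" : cap == 0 ? "no" : "unknown");
        printf("mknod() in /dev: %s\n",
               probe == 1 ? "works" : probe == 0 ? "refused (EPERM/EACCES)"
                                                : "other error");
        /* Policy from the mail: don't start the device manager when
         * device nodes cannot be created. */
        return probe == 1 ? 0 : 1;
}
```

Note that the capability bit alone is not the whole story: a process can hold CAP_MKNOD and still have mknod() refused (a devices cgroup that does not grant the 'm' permission, or a user namespace that is not the initial one), which is why the second probe, actually attempting the operation, is the closer match to "eudev cannot do its job here". The probe distinguishes EPERM/EACCES from other failures so that a missing or read-only /dev is not mistaken for a container restriction.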