morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

ssh-generator: don't do AF_VSOCK stuff if we run in a container

Browse Source 
Tighten our VM check: whether we run in a VM is not enough to do
AF_VSOCK. We also need to check if we are run in a container, because if
we run in a container inside a VM then we should *not* do the AF_VSOCK
stuff, but leave the port free for the VM itself.

As discussed here:

https://github.com/systemd/systemd/pull/31544#issuecomment-1971455401
This commit is contained in:
Lennart Poettering
2024-02-29 18:19:07 +01:00
committed by Luca Boccassi
parent d74d989c25
commit d52320337e
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssh-generator/ssh-generator.c
View File

@@ -184,10 +184,11 @@ static int add_vsock_socket(
assert(dest);
assert(generated_sshd_template_unit);
Virtualization v = detect_vm();
Virtualization v = detect_virtualization();
if (v < 0)
return log_error_errno(v, "Failed to detect if we run in a VM: %m");
if (v == VIRTUALIZATION_NONE) {
if (!VIRTUALIZATION_IS_VM(v)) {
/* NB: if we are running in a container inside a VM, then we'll *not* do AF_VSOCK stuff */
log_debug("Not running in a VM, not listening on AF_VSOCK.");
return 0;
}