tailscale

hostinfo: make lxcfs container check more specific

Instead of treating any lxcfs mount as an indicator that we're running
in a container, check for one of the mounts actually used by LXC
containers.

For reference, here's a list of mounts I am seeing in an LXC container:

```
$ grep lxcfs /proc/mounts
lxcfs /proc/cpuinfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/diskstats fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/loadavg fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/meminfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/stat fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/swaps fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /proc/uptime fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
lxcfs /sys/devices/system/cpu/online fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
```

Fixes #8444

Signed-off-by: Anton Tolchanov <anton@tailscale.com>

pull/8447/head

Anton Tolchanov committed by

Anton Tolchanov

parent c11af12a49

commit 2cf6e12790

1 changed files with 1 additions and 1 deletions

										
											2

hostinfo/hostinfo.go

										Unescape
										Escape
									
											View File
										
				@ -283,7 +283,7 @@ func inContainer() opt.Bool {

						return nil

					})

					lineread.File("/proc/mounts", func(line []byte) error {

						if mem.Contains(mem.B(line), mem.S("fuse.lxcfs")) {

						if mem.Contains(mem.B(line), mem.S("lxcfs /proc/cpuinfo fuse.lxcfs")) {

							ret.Set(true)

							return io.EOF

						}

Loading…

Cancel

Save

hostinfo: make lxcfs container check more specific

2 hostinfo/hostinfo.go Unescape Escape View File

2

hostinfo/hostinfo.go

Unescape Escape View File