From 2cf6e127907641bdb9eb5cd8e8cf14e968b571d7 Mon Sep 17 00:00:00 2001 From: Anton Tolchanov Date: Mon, 26 Jun 2023 15:04:39 +0100 Subject: [PATCH] hostinfo: make lxcfs container check more specific Instead of treating any lxcfs mount as an indicator that we're running in a container, check for one of the mounts actually used by LXC containers. For reference, here's a list of mounts I am seeing in an LXC container: ``` $ grep lxcfs /proc/mounts lxcfs /proc/cpuinfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/diskstats fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/loadavg fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/meminfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/stat fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/swaps fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/uptime fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /sys/devices/system/cpu/online fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 ``` Fixes #8444 Signed-off-by: Anton Tolchanov --- hostinfo/hostinfo.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hostinfo/hostinfo.go b/hostinfo/hostinfo.go index 2280c6a5a..65fd676a8 100644 --- a/hostinfo/hostinfo.go +++ b/hostinfo/hostinfo.go @@ -283,7 +283,7 @@ func inContainer() opt.Bool { return nil }) lineread.File("/proc/mounts", func(line []byte) error { - if mem.Contains(mem.B(line), mem.S("fuse.lxcfs")) { + if mem.Contains(mem.B(line), mem.S("lxcfs /proc/cpuinfo fuse.lxcfs")) { ret.Set(true) return io.EOF }