
Re: [atomic-devel] Q: Detecting Container-ness is still container=something?




On Thu, Jan 21, 2016, at 10:41 AM, Chris Evich wrote:
> 
> All,
> 
> Looking for some advice re: a tooling bug.  The problem (bug) has to do 
> with sosreport incorrectly determining whether or not it's not running 
> w/in a SPC container.  The context is always going to be from within an 
> SPC, on an RHEL/Fedora/CentOS Atomic host.  Sosreport needs to be useful 
> in helping diagnose __host__ problems, with container data-collection 
> being a secondary use-case.
> 
> To address detection, we're aware of 'container=docker',

The problem with this is that those patches never got into Docker to do
it by default, so every SPC has to do `ENV container docker`.

> For the general case (no security issue), in RHEL/Fedora/Centos Atomic 
> Host, within a SPC context, is checking the container env. var still the 
> preferred method?

There are lots of aspects to containers that can be toggled on or off
(for example, the pid namespace).  But I suspect what almost all
applications want to know is whether they're in a separate mount
namespace.

Well, simply the presence of /host at the moment strongly implies
one is in a SPC.  Maybe even better, check for /host/proc/1 or so.
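
The checks discussed in this thread, combined into one probe. This is an added example, not part of the original message and not sosreport's code; the function names, the `root` parameter and the mount-namespace comparison via the `/proc/<pid>/ns/mnt` links are assumptions that go slightly beyond the two checks named above.

```python
import os

def container_signals(environ=None, root="/"):
    """Gather the hints discussed in this thread; none is a security boundary.

    `root` is a hypothetical parameter so the checks can run on a test tree.
    """
    environ = os.environ if environ is None else environ
    host = os.path.join(root, "host")
    signals = {
        # Docker does not set this by default; the image needs
        # `ENV container docker`, so an unset value proves nothing.
        "env_container": environ.get("container") or None,
        "host_dir": os.path.isdir(host),
        "host_proc_1": os.path.isdir(os.path.join(host, "proc", "1")),
        # None means the comparison could not be made.
        "separate_mount_ns": None,
    }
    try:
        # The ns/mnt links read like "mnt:[4026531840]"; a different value
        # from the host's PID 1 means a separate mount namespace.
        mine = os.readlink(os.path.join(root, "proc", "self", "ns", "mnt"))
        init = os.readlink(os.path.join(host, "proc", "1", "ns", "mnt"))
        signals["separate_mount_ns"] = mine != init
    except OSError:
        pass  # no procfs, no /host, or not enough privilege to read the link
    return signals

def classify(signals):
    """Map the signals to 'spc', 'container' or 'unknown'."""
    if signals["host_proc_1"]:
        return "spc"        # host root mounted at /host
    if signals["env_container"]:
        return "container"  # image or runtime exported container=<name>
    return "unknown"        # no hint found; may still be a container

if __name__ == "__main__":
    found = container_signals()
    print(classify(found), found)
```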

