mirror of https://github.com/coder/coder.git
fix(cli/clistat): improve detection of container environment (#8643)
Use the presence of /var/run/secrets/kubernetes.io/serviceaccount/token to determine if we are in a container in addition to sniffing /proc/1/cgroup
This commit is contained in:
parent
87d5cdaf58
commit
fd372f6735
|
@ -338,7 +338,7 @@ func readInt64Prefix(fs afero.Fs, path, prefix string) (int64, error) {
|
|||
|
||||
scn := bufio.NewScanner(bytes.NewReader(data))
|
||||
for scn.Scan() {
|
||||
line := scn.Text()
|
||||
line := strings.TrimSpace(scn.Text())
|
||||
if !strings.HasPrefix(line, prefix) {
|
||||
continue
|
||||
}
|
||||
|
|
|
@ -10,8 +10,9 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
procMounts = "/proc/mounts"
|
||||
procOneCgroup = "/proc/1/cgroup"
|
||||
procMounts = "/proc/mounts"
|
||||
procOneCgroup = "/proc/1/cgroup"
|
||||
kubernetesDefaultServiceAccountToken = "/var/run/secrets/kubernetes.io/serviceaccount/token" //nolint:gosec
|
||||
)
|
||||
|
||||
// IsContainerized returns whether the host is containerized.
|
||||
|
@ -38,6 +39,14 @@ func IsContainerized(fs afero.Fs) (ok bool, err error) {
|
|||
}
|
||||
}
|
||||
|
||||
// Sometimes the above method of sniffing /proc/1/cgroup isn't reliable.
|
||||
// If a Kubernetes service account token is present, that's
|
||||
// also a good indication that we are in a container.
|
||||
_, err = afero.ReadFile(fs, kubernetesDefaultServiceAccountToken)
|
||||
if err == nil {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// Last-ditch effort to detect Sysbox containers.
|
||||
// Check if we have anything mounted as type sysboxfs in /proc/mounts
|
||||
mountsData, err := afero.ReadFile(fs, procMounts)
|
||||
|
|
Loading…
Reference in New Issue