Skip to content

Commit

Permalink
install: Just check if we're pid1
Browse files Browse the repository at this point in the history
I'm working on a buildsystem where we run a "supermin" VM that
doesn't use systemd as pid1.  There's no reason to hard
require systemd for this.  This check isn't fully correct because
it will allow things to pass if someone does `podman run --init`
to make us pid2, but still in a userns.  In theory we could detect
that in the future.
  • Loading branch information
cgwalters committed Nov 11, 2023
1 parent 9137908 commit 2be886d
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions lib/src/install.rs
Original file line number Diff line number Diff line change
Expand Up @@ -722,13 +722,9 @@ pub(crate) fn finalize_filesystem(fs: &Utf8Path) -> Result<()> {
Ok(())
}

fn require_systemd_pid1() -> Result<()> {
fn require_host_pidns() -> Result<()> {
// We require --pid=host
let pid = std::fs::read_link("/proc/1/exe").context("reading /proc/1/exe")?;
let pid = pid
.to_str()
.ok_or_else(|| anyhow::anyhow!("Non-UTF8 /proc/1/exe"))?;
if !pid.contains("systemd") {
if rustix::process::getpid().is_init() {
anyhow::bail!("This command must be run with --pid=host")
}
Ok(())
Expand Down Expand Up @@ -809,7 +805,7 @@ async fn prepare_install(
) -> Result<Arc<State>> {
// We need full root privileges, i.e. --privileged in podman
crate::cli::require_root()?;
require_systemd_pid1()?;
require_host_pidns()?;

if cfg!(target_arch = "s390x") {
anyhow::bail!("Installation is not supported on this architecture yet");
Expand Down

0 comments on commit 2be886d

Please sign in to comment.