From cf8be50a3d0348158be7efe222eaa4ca480e176d Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 22 Nov 2023 11:37:37 +0100 Subject: [PATCH] MINOR: debug: report in port_mortem whether a container was detected Containers often cause significant trouble depending on how they're set up, and they're not always trivial for their users to extract info from. Here we're trying to detect if we're running inside a container on Linux. There are plenty of approaches and none is perfectly clean nor reliable, which makes sense since the goal is to remain transparent enough. One interesting approach is to rely on the observation that containers generally do not expose most kernel threads, and that the very firsts of them are extremely stable across all kernel versions: pid 2 was called "keventd" in kernel 2.4, became "kthreadd" in kernel 2.6, and has since not changed. This is true on all architectures tested, even with highly stripped down kernels such as those found on 15 year-old OpenWRT images. And this one doesn't appear inside containers. Thus here we check if we find such a thread via /proc and whether it's called keventd or kthreadd, to detect a container, and we set the "cont_techno" variable to "yes" or "no" depending on what is found.
---
 src/debug.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/debug.c b/src/debug.c
index 166c85235..a637304a7 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -83,6 +83,7 @@ struct post_mortem {
 char hw_model[64]; // hardware/hypervisor product/model when known
 char brd_vendor[64]; // mainboard vendor when known
 char brd_model[64]; // mainboard model when known
+ char cont_techno[16]; // empty, "no", "yes", "docker" or others
 } platform;
 } post_mortem ALIGNED(256) = { };
 
@@ -460,6 +461,8 @@ static int debug_parse_cli_show_dev(char **args, char *payload, struct appctx *a
 chunk_appendf(&trash, " board vendor: %s\n", post_mortem.platform.brd_vendor);
 if (*post_mortem.platform.brd_model)
 chunk_appendf(&trash, " board model: %s\n", post_mortem.platform.brd_model);
+ if (*post_mortem.platform.cont_techno)
+ chunk_appendf(&trash, " container: %s\n", post_mortem.platform.cont_techno);
 if (*post_mortem.platform.utsname.sysname)
 chunk_appendf(&trash, " OS name: %s\n", post_mortem.platform.utsname.sysname);
 if (*post_mortem.platform.utsname.release)
@@ -1927,6 +1930,16 @@ static void feed_post_mortem_linux()
 strcmp(trash.area, post_mortem.platform.hw_family) != 0 &&
 strcmp(trash.area, post_mortem.platform.hw_model) != 0))
 strlcpy2(post_mortem.platform.brd_model, trash.area, sizeof(post_mortem.platform.brd_model));
+
+ /* Check for containers. In a container on linux we don't see keventd (2.4) kthreadd (2.6+) on pid 2 */
+ if (read_line_to_trash("/proc/2/status") <= 0 ||
+ (strcmp(trash.area, "Name:\tkthreadd") != 0 &&
+ strcmp(trash.area, "Name:\tkeventd") != 0)) {
+ strlcpy2(post_mortem.platform.cont_techno, "yes", sizeof(post_mortem.platform.cont_techno));
+ }
+ else {
+ strlcpy2(post_mortem.platform.cont_techno, "no", sizeof(post_mortem.platform.cont_techno));
+ }
 #endif // __linux__
 }
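Review bot: In the added container check of the last hunk, any failure of `read_line_to_trash("/proc/2/status")` is recorded as "yes", so a plain host where /proc is not mounted or not readable by this process would be reported as a container, while a container that shares the host PID namespace would be reported as "no". The struct comment in the first hunk already allows an empty value, so the unreadable-/proc case could be left undecided by wrapping the test in `if (read_line_to_trash("/proc/self/status") > 0) { ... }` and writing nothing otherwise. The exact `strcmp()` against "Name:\tkthreadd" also depends on read_line_to_trash() dropping the trailing newline, which is presumably the case but is not visible in this hunk. I would reword the comment to state the limits, e.g. `/* Heuristic only: no keventd (2.4) or kthreadd (2.6+) on pid 2 suggests a container; not reliable with a shared PID namespace */`. The body of feed_post_mortem_linux() starts outside the hunk.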