On Thu, Jan 21, 2016, at 10:41 AM, Chris Evich wrote:
>
> All,
>
> Looking for some advice re: a tooling bug. The problem (bug) has to do
> with sosreport incorrectly determining whether or not it's not running
> w/in a SPC container. The context is always going to be from within an
> SPC, on an RHEL/Fedora/CentOS Atomic host. Sosreport needs to be useful
> in helping diagnose __host__ problems, with container data-collection
> being a secondary use-case.
>
> To address detection, we're aware of 'container=docker',

The problem with this is that those patches never got into Docker to do
it by default, so every SPC has to do `ENV container docker`.

> For the general case (no security issue), in RHEL/Fedora/Centos Atomic
> Host, within a SPC context, is checking the container env. var still the
> preferred method?

There are lots of aspects to containers that can be toggled on or off
(for example, the pid namespace). But I suspect what almost all
applications want to know is whether they're in a separate mount
namespace.

Well, simply the presence of /host at the moment strongly implies one is
in a SPC. Maybe even better, check for /host/proc/1 or so.
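
Added example, not part of the original message and not sosreport's own code: the three signals discussed in this thread (the `container` environment variable, the presence of /host/proc/1, and whether the mount namespace differs from the host's) combined into one check. The names `detect_spc`, `read_ns`, `build_sample_root` and the `root` parameter are hypothetical, and the namespace ids in the sample tree are constructed.

```python
import os
import tempfile


def read_ns(path):
    """Return the namespace link text (e.g. 'mnt:[4026531840]') or None."""
    try:
        return os.readlink(path)
    except OSError:
        return None


def detect_spc(environ=None, root="/"):
    """Classify the runtime context as 'spc', 'container' or 'host'.

    root is an assumption of this example: it lets the check run against
    a constructed tree instead of the live filesystem.
    """
    environ = os.environ if environ is None else environ
    host_init = os.path.join(root, "host", "proc", "1")
    own_ns = read_ns(os.path.join(root, "proc", "self", "ns", "mnt"))
    host_ns = read_ns(os.path.join(host_init, "ns", "mnt"))
    result = {
        "env_container": environ.get("container"),  # only set if the image opts in
        "host_proc1": os.path.isdir(host_init),     # host / visible under /host
        # None when a link is unreadable, so "unknown" is never read as "same"
        "separate_mount_ns": None if None in (own_ns, host_ns) else own_ns != host_ns,
    }
    if result["host_proc1"]:
        result["verdict"] = "spc"
    elif result["env_container"]:
        result["verdict"] = "container"
    else:
        result["verdict"] = "host"
    return result


def build_sample_root(own_ns, host_ns=None):
    """Constructed sample tree: a fake / with an optional /host/proc/1."""
    root = tempfile.mkdtemp(prefix="spc-demo-")
    os.makedirs(os.path.join(root, "proc", "self", "ns"))
    os.symlink(own_ns, os.path.join(root, "proc", "self", "ns", "mnt"))
    if host_ns is not None:
        os.makedirs(os.path.join(root, "host", "proc", "1", "ns"))
        os.symlink(host_ns, os.path.join(root, "host", "proc", "1", "ns", "mnt"))
    return root


if __name__ == "__main__":
    spc = build_sample_root("mnt:[4026532201]", "mnt:[4026531840]")
    print(detect_spc({}, spc))     # env var unset, /host/proc/1 still found
    print(detect_spc(os.environ))  # the machine this runs on
```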