Hi sebb,
On 1.12.2024 12:27, sebb wrote:
> It's not clear to me that this belongs in LANG.
I tend to agree with you. Since the purpose of containers is to run
applications the same way they would run on the host system, I don't
believe this method belongs to any Java library.
Unfortunately some Java libraries:
* either have a legitimate reason to detect the presence of containers,
* or they do it for statistical purposes.
Hoping that this functionality will not be exploited like the
`User-Agent` HTTP header to modify the behavior of Java apps, I prefer
to have a reference implementation in LANG rather than half-baked
implementations all over the Java ecosystem.
> Assuming it does, I have doubts about how accurate it is.
> I just looked in a couple of Docker containers, and neither contained
> the expected entry in /proc/1/cgroup.
> At the very least there need to be some tests to show that the methods work.
The current implementation does not work if the host system uses Control
Group v2[1]. Integration tests will never be exhaustive, so it might be
better to test the compliance with some reference documentation.
I looked for some reference documentation on how to detect the presence
of a Docker container and I stumbled upon this thread[2] on the Docker
Community Forum. In that thread Ákos points to a `container` environment
variable as the best way to detect containers and mentions SystemD as
an application that uses that convention.
That is why I propose to:
* Adopt the environment variables documented by SystemD[3] to detect if
we are running in a container. Similarly to what SystemD is currently
using, setting `container` to the empty string should cause
`RuntimeEnvironment.inContainer()` to return `false`. This should give
container developers full control over container detection in LANG.
* If there is no `container` variable, we should follow the logic used
by SystemD[4] to the letter. Since I am not willing to chase
half-working hacks and tricks all over the Web, we can say that we don't
accept additional heuristic logic, unless it has been vetted by the SystemD
team (and committed to their main branch).
Piotr
[1] https://docs.kernel.org/admin-guide/cgroup-v2.html
[2] https://forums.docker.com/t/detect-you-are-running-in-a-docker-container-buildx/139673
[3] https://systemd.io/CONTAINER_INTERFACE/#environment-variables
[4] https://github.com/systemd/systemd/blob/0747e3b60eb4496ee122066c844210ce818d76d9/src/basic/virt.c#L692
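
The `container` variable semantics proposed in the message above, as an added sketch that is not part of the original e-mail and not Commons Lang code. The class and method names are hypothetical, reading PID 1's environment is an assumption of this sketch, and the SystemD fallback logic [4] is left as a placeholder rather than reproduced.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.Optional;

// Hypothetical sketch: class and method names are illustrative, not Commons Lang API.
public final class ContainerVariableCheck {

    // Verdict from the variable alone. Empty Optional: variable absent, caller must fall back.
    static Optional<Boolean> fromVariable(String value) {
        if (value == null) {
            return Optional.empty();
        }
        // "" is the explicit opt-out from the proposal; any other value names the manager.
        return Optional.of(!value.isEmpty());
    }

    // Extracts `container` from a NUL-separated block in the format of /proc/<pid>/environ.
    static String containerFromEnviron(byte[] environ) {
        for (String entry : new String(environ, StandardCharsets.UTF_8).split("\0")) {
            if (entry.startsWith("container=")) {
                return entry.substring("container=".length());
            }
        }
        return null;
    }

    static boolean inContainer(Map<String, String> env, Path pid1Environ) {
        Optional<Boolean> verdict = fromVariable(env.get("container"));
        if (!verdict.isPresent()) {
            try { // Assumption of this sketch: also consult PID 1, for which [3] defines the variable.
                verdict = fromVariable(containerFromEnviron(Files.readAllBytes(pid1Environ)));
            } catch (IOException | SecurityException e) {
                // Often unreadable for unprivileged processes: treat as "no information".
            }
        }
        // Placeholder default: the SystemD fallback logic [4] is not reproduced here.
        return verdict.orElse(false);
    }

    public static void main(String[] args) {
        byte[] constructed = "PATH=/usr/bin\0container=docker\0".getBytes(StandardCharsets.UTF_8);
        System.out.println(fromVariable(containerFromEnviron(constructed))); // constructed sample
        System.out.println(fromVariable(""));   // explicit opt-out
        System.out.println(inContainer(System.getenv(), Paths.get("/proc/1/environ")));
    }
}
```

Because the variable is set by whoever launches the process, the result is a hint for diagnostics and statistics, not an input for a security decision.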