On Sun, 1 Dec 2024 at 14:35, Piotr P. Karwasz <pi...@mailing.copernik.eu> wrote: > > Hi sebb, > > On 1.12.2024 12:27, sebb wrote: > > It's not clear to me that this belongs in LANG. > > I tend to agree with you. Since the purpose of containers is to run > applications the same way they would run on the host system, I don't > believe this method belongs to any Java library. > > Unfortunately some Java libraries: > > * either have a legitimate reason to detect the presence of containers, > > * or they do it for statistical purposes. > > Hoping that this functionality will not be exploited like the > `User-Agent` HTTP header to modify the behavior of Java apps, I prefer > to have a reference implementation in LANG, than half-baked > implementations all over the Java ecosystem.
That seems backward logic to me. I think we should steer clear of trying to solve this. As you point out, libraries should not be doing this anyway, except perhaps in certain specialised applications. The developers of which are better placed to do the coding and testing needed. > > Assuming it does, I have doubts about how accurate it is. > > I just looked in a couple of Docker containers, and neither contained > > the expected entry in /proc/1/cgroup. > > At the very least there need to be some tests to show that the methods work > > The current implementation does not work if the host system uses Control > Group v2[1]. Integration tests will never be exhaustive, so it might be > better to test the compliance with some reference documentation. > > I looked for some reference documentation on how to detect the presence > of a Docker container and I stumbled upon this thread[2] on the Docker > Community Forum. In that thread Ákos points to a `container` environment > variable as the best way to detect containers and mentions SystemD as > application that uses that convention. > > That is why I propose to: > > * Adopt the environment variables documented by SystemD[3] to detect if > we are running in a container. Similarly to what SystemD is currently > using, setting `container` to the empty string should cause > `RuntimeEnvironment.inContainer()` to return `false`. This should give > container developers full control on container detection in LANG. > > * If there is no `container` variable, we should follow the logic used > by SystemD[4] to the letter. Since I am not willing to chase > half-working hacks and tricks all over the Web, we can say that we don't > accept additional heuristic logic, unless it has been vetted by SystemD > team (and committed to their main branch). Sounds like that would only work for unix-like OSes. AFAIK, Windows does not have a systemd process. > Piotr > > [1] https://docs.kernel.org/admin-guide/cgroup-v2.html > > [2] > https://forums.docker.com/t/detect-you-are-running-in-a-docker-container-buildx/139673 > > [3] https://systemd.io/CONTAINER_INTERFACE/#environment-variables > > [4] > https://github.com/systemd/systemd/blob/0747e3b60eb4496ee122066c844210ce818d76d9/src/basic/virt.c#L692 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
