mirror of
https://github.com/inspec/inspec
synced 2024-11-23 05:03:07 +00:00
Adds the check to detect the kubepods and podman container.
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
parent
01bc7afc7a
commit
cd893ce1eb
1 changed files with 9 additions and 3 deletions
|
@ -190,7 +190,7 @@ module Inspec::Resources
|
|||
true
|
||||
end
|
||||
|
||||
# Detect LXC/Docker
|
||||
# Detect LXC/Docker/k8s/podman
|
||||
#
|
||||
# /proc/self/cgroup will look like this inside a docker container:
|
||||
# <index #>:<subsystem>:/lxc/<hexadecimal container id>
|
||||
|
@ -208,7 +208,7 @@ module Inspec::Resources
|
|||
#
|
||||
# Full notes, https://tickets.opscode.com/browse/OHAI-551
|
||||
# Kernel docs, https://www.kernel.org/doc/Documentation/cgroups
|
||||
def detect_lxc_docker
|
||||
def detect_container
|
||||
return false unless inspec.file("/proc/self/cgroup").exist?
|
||||
|
||||
cgroup_content = inspec.file("/proc/self/cgroup").content
|
||||
|
@ -216,6 +216,12 @@ module Inspec::Resources
|
|||
cgroup_content =~ %r{^\d+:[^:]+:/[^/]+/(lxc|docker)-.+$} # rubocop:disable Layout/MultilineOperationIndentation
|
||||
@virtualization_data[:system] = $1 # rubocop:disable Style/PerlBackrefs
|
||||
@virtualization_data[:role] = "guest"
|
||||
elsif cgroup_content =~ %r{^\d+:[^:]+:/(kubepods)/.+$}
|
||||
@virtualization_data[:system] = $1
|
||||
@virtualization_data[:role] = "guest"
|
||||
elsif /container=podman/.match?(file_read("/proc/1/environ"))
|
||||
@virtualization_data[:system] = "podman"
|
||||
@virtualization_data[:role] = "guest"
|
||||
elsif lxc_version_exists? && cgroup_content =~ %r{\d:[^:]+:/$}
|
||||
# lxc-version shouldn't be installed by default
|
||||
# Even so, it is likely we are on an LXC capable host that is not being used as such
|
||||
|
@ -297,7 +303,7 @@ module Inspec::Resources
|
|||
return if detect_docker
|
||||
return if detect_virtualbox
|
||||
return if detect_lxd
|
||||
return if detect_lxc_docker
|
||||
return if detect_container
|
||||
return if detect_linux_vserver
|
||||
return if detect_kvm_from_cpuinfo
|
||||
return if detect_kvm_from_sys
|
||||
|
|
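Review bot: The new `kubepods` and podman branches in `detect_container` can both miss without any trace, which matters if profiles gate controls on `virtualization.system`. The pattern `%r{^\d+:[^:]+:/(kubepods)/.+$}` requires a non-empty controller field and a literal `/kubepods/` segment, so a cgroup v2 line (`0::/...`) or a systemd-style `kubepods.slice` path would presumably not match. Something like `%r{^\d+:[^:]*:/kubepods[./]}` with a plain `@virtualization_data[:system] = "kubepods"` would cover those and drop the `$1` that lacks the `Style/PerlBackrefs` disable used a few lines earlier. `/proc/1/environ` is normally readable only by the owner of PID 1, so a scan run as another user most likely falls through to the `lxc_version_exists?` branch; a comment saying so would help, and `/(?:\A|\x00)container=podman(?:\x00|\z)/` would tie the unanchored match to one whole NUL-separated entry. The opening `if` of this chain sits between the hunks, so the full order of checks is not visible here.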