---
tags: Images
---
# Verify running in Container Image
References
-----------
* https://stackoverflow.com/questions/52580008/how-does-java-application-know-it-is-running-within-a-docker-container
* https://tuhrig.de/how-to-know-you-are-inside-a-docker-container/
* https://stackoverflow.com/questions/20010199/how-to-determine-if-a-process-runs-inside-lxc-docker
* https://www.freedesktop.org/software/systemd/man/systemd-detect-virt.html
* Testing using this with various podman images/docker just returned `other` so not reliable enough.
* https://people.redhat.com/~rjones/virt-what/
CGroups output
--------------
Running docker centos:7 image:
```
atlantis ❯ docker run -ti --entrypoint=/bin/bash 8652b9f0cb4c
[root@143ecdad7c48 /]# more /proc/1/cgroup
11:cpuset:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
10:cpu,cpuacct:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
9:freezer:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
8:perf_event:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
7:pids:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
6:hugetlb:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
5:devices:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
4:memory:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
3:net_cls,net_prio:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
2:blkio:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
1:name=systemd:/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
0::/system.slice/docker-143ecdad7c48c7457c33bbc2694f4dbe3b465b797bebf8749dc554c4e918ccb7.scope
[root@143ecdad7c48 /]#
```
Running podman registry.centos.org/centos:7 (or other variations)
```
podman run -ti --entrypoint=/bin/bash 8114e7c1868b
[root@4af5fdb7b350 /]# more /proc/1/cgroup
0::/
```
Local machine:
```
more /proc/1/cgroup
0::/init.scope
```
Virtual Machine
```
more /proc/1/cgroup
11:cpuset:/
10:cpu,cpuacct:/init.scope
9:freezer:/
8:perf_event:/
7:pids:/init.scope
6:hugetlb:/
5:devices:/init.scope
4:memory:/init.scope
3:net_cls,net_prio:/
2:blkio:/init.scope
1:name=systemd:/init.scope
0::/init.scope
```
Podman inside Virtual Machine
```
podman run -ti --entrypoint=/bin/bash a1bb412b2847
[root@5a0cad4f4c0a /]# more /proc/1/cgroup
11:cpuset:/
10:cpu,cpuacct:/
9:freezer:/
8:perf_event:/
7:pids:/user.slice/user-1000.slice/user@1000.service
6:hugetlb:/
5:devices:/user.slice
4:memory:/user.slice/user-1000.slice/user@1000.service
3:net_cls,net_prio:/
2:blkio:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-c9caab96807849b79a6282484f211374.scope/5a0cad4f4c0a53d05b83a56e4
d62572f1438e6af112138f90254017b60c32684
0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-c9caab96807849b79a6282484f211374.scope
```
OpenShift pod:
```
-bash-4.2$ more /proc/1/cgroup
11:freezer:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
10:blkio:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
9:devices:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
8:memory:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
7:net_prio,net_cls:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
6:hugetlb:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
5:perf_event:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
4:pids:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
3:cpuacct,cpu:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
2:cpuset:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
1:name=systemd:/kubepods.slice/kubepods-pod05ad089d_3210_11eb_aec8_fa163e006653.slice/docker-a1697add8422652c3ffa877ac0b5225f35d430753d71004c862e5b05e9b5b870.scope
```
Environment
-----------
Podman image
```
strings /proc/1/environ
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=podman
containers=podman
HOSTNAME=fa8ff10bdab2
HOME=/root
```
Local Machine
```
sudo strings /proc/1/environ
TERM=linux
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.9.10-200.fc33.x86_64
```
VM
```
sudo strings /proc/1/environ
TERM=linux
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.9.8-200.fc33.x86_64
```
Docker Image
```
strings /proc/1/environ
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=17ecc0373aaf
TERM=xterm
HOME=/root
```
Podman Image on VM
```
strings /proc/1/environ
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM=xterm
container=podman
containers=podman
HOSTNAME=c8484af414dc
HOME=/root
```
OpenShift pod.
Large amount of variables, interesting subset of:
```container=oci
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
JAVA_TOOL_OPTIONS=-Xmx1024m -Xss1m
KUBERNETES_PORT_443_TCP_ADDR=172.56.0.1
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP=tcp://172.56.0.1:443
KUBERNETES_PORT_53_TCP_ADDR=172.56.0.1
KUBERNETES_PORT_53_TCP_PORT=53
KUBERNETES_PORT_53_TCP_PROTO=tcp
KUBERNETES_PORT_53_TCP=tcp://172.56.0.1:53
KUBERNETES_PORT_53_UDP_ADDR=172.56.0.1
KUBERNETES_PORT_53_UDP_PORT=53
KUBERNETES_PORT_53_UDP_PROTO=udp
KUBERNETES_PORT_53_UDP=udp://172.56.0.1:53
KUBERNETES_PORT=tcp://172.56.0.1:443
KUBERNETES_SERVICE_HOST=172.56.0.1
KUBERNETES_SERVICE_PORT=443
KUBERNETES_SERVICE_PORT_DNS=53
KUBERNETES_SERVICE_PORT_DNS_TCP=53
KUBERNETES_SERVICE_PORT_HTTPS=443
`
```
Summary
-------
The best appears to be a combination.
* Podman always sets container/containers env variable ( note: `/proc/1/environ` is protected)
* CGroups always has docker in it for docker images.
* For OpenShift, either `kubepods` in cgroups or `KUBERNETES_PORT*` in environment.
Sign in with Wallet
Connect another wallet