Check enabled LXC features from INSIDE container?

[fdcastel]

Given these two LXC features (keyctl and nesting):



there is a way to programmatically query them from inside the container?



I found /sys/module/kvm_intel/parameters/nested but unfortunately it returns "Y" for both nesting=0 and nesting=1 containers.

 

[pkey]

Keyctl

keyctl show

nesting

sudo unshare --mount --pid --fork --mount-proc bash

The last on didn't work without nesting.

 

[fdcastel]

Thank you very much @pikey!!!



Unfortunately keyctl needs an additional package installed into container:

# keyctl
Command 'keyctl' not found, but can be installed with:
apt install keyutils

Do you know any alternate way that doesn't require additional packages?

nesting

sudo unshare --mount --pid --fork --mount-proc bash

The last on didn't work without nesting.

Perfect! For the record, I used:

unshare --mount --pid --fork --mount-proc true

which will return 0 (ok) if nesting is enabled and 1 (error) otherwise.

 

[Kingneutron]

> Do you know any alternate way that doesn't require additional packages?

If it's a container and you have root on the box, why not just install the package...?

 

[fdcastel]

Just being picky. You know... The less, the better.

Changing a system just to query a single option seems excessive. That's why I'm interested in alternative ways to get this.