A Microsoft Addition For systemd 246 Exposes Host OS Information To Containers

Written by Michael Larabel in systemd on 9 July 2020 at 03:02 AM EDT. 40 Comments
SYSTEMD
There is a last minute change from a Microsoft engineer to the upcoming systemd 246 that is now undergoing release preparations.

This change is allowing containers to access details about the host OS being run. In particular, the focus is on exposing the os-release details to container-like runtimes.

The change was first proposed and then written by Microsoft engineer Luca Boccassi. The original explanation in the proposal is that "We find ourselves in a situation where application running containerized (specifically as portable services, although this issue is general) need to either find information about the host, or alter their behaviour depending on the host's flavour."

Granted, exposing more host details to guests/containers can open up the system to potentially easier (more efficient/straightforward) exploit paths and that if some container images become too catered towards specific hosts it may make the containers less robust.

With systemd 246, containers will be able to find out the host's os-release details via environment variables in the container_host_KEY=VALUE syntax. The host's OS release details can also be fetched from the container via /run/host/usr/lib/os-release.

The changes were merged on Wednesday into systemd Git ahead of the v246 release.
40 Comments
Related News
systemd 257 Debuts With systemd-keyutil & systemd-sbsign Tools, Other Improvements
Feature-Packed systemd 257 Nears Release With RC3 Availability
systemd 257-rc2 Released With New systemd-keyutil Tool
systemd 257-rc1 Released With A Ton Of New Features & Changes
Busd Taking Shape As A D-Bus Broker Written In Rust
Systemd Looking At A Future With More Varlink & Less D-Bus For IPC
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries