Land #18191, Improve post linux checkcontainer

This PR adds support for detecting whether a session is running in a podman container and improves detection for sessions running in Docker, LXC and WLS containers.
rapid7 · Aug 8, 2023 · 6e8d0b3 · 6e8d0b3
2 parents a5cdbca + 0df2f57
commit 6e8d0b3
Showing 1 changed file with 29 additions and 1 deletion.
diff --git a/modules/post/linux/gather/checkcontainer.rb b/modules/post/linux/gather/checkcontainer.rb
@@ -14,7 +14,7 @@ def initialize(info = {})
         'Description' => %q{
           This module attempts to determine whether the system is running
           inside of a container and if so, which one. This module supports
-          detection of Docker, LXC, and systemd nspawn.
+          detection of Docker, WSL, LXC, Podman and systemd nspawn.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'James Otten <jamesotten1[at]gmail.com>'],
@@ -33,6 +33,32 @@ def run
       container = 'Docker'
     end
 
+    # Check for .dockerinit file
+    if container.nil? && file?('/.dockerinit')
+      container = 'Docker'
+    end
+
+    # Check for /.containerenv file
+    if container.nil? && file?('/run/.containerenv')
+      container = 'Podman'
+    end
+
+    # Check for /dev/lxd/sock file
+    if container.nil? && directory?('/dev/lxc')
+      container = 'LXC'
+    end
+
+    # Check for WSL, as suggested in https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364
+    if container.nil? && file?('/proc/sys/kernel/osrelease')
+      osrelease = read_file('/proc/sys/kernel/osrelease')
+      if osrelease
+        case osrelease.tr("\n", ' ')
+        when /WSL|Microsoft/i
+          container = 'WSL'
+        end
+      end
+    end
+
     # Check cgroup on PID 1
     if container.nil?
       cgroup = read_file('/proc/1/cgroup')
@@ -54,6 +80,8 @@ def run
         container = 'LXC'
       when 'systemd-nspawn'
         container = 'systemd nspawn'
+      when 'podman'
+        container = 'podman'
       end
     end