1SYSTEMD-DETECT-VIRT(1) systemd-detect-virt SYSTEMD-DETECT-VIRT(1)
2
6 systemd-detect-virt - Detect execution in a virtualized environment
7
9 systemd-detect-virt [OPTIONS...]
10
12 systemd-detect-virt detects execution in a virtualized environment. It
13 identifies the virtualization technology and can distinguish full
14 machine virtualization from container virtualization.
15 systemd-detect-virt exits with a return value of 0 (success) if a
16 virtualization technology is detected, and non-zero (error) otherwise.
17 By default, any type of virtualization is detected, and the options
18 --container and --vm can be used to limit what types of virtualization
19 are detected.
20 When executed without --quiet will print a short identifier for the
22 detected virtualization technology. The following technologies are
23 currently identified:
24 Table 1. Known virtualization technologies (both VM, i.e. full hardware
26 virtualization, and container, i.e. shared kernel virtualization)
27 ┌──────────┬────────────────┬─────────────────────────────┐
28 │Type │ ID │ Product │
29 ├──────────┼────────────────┼─────────────────────────────┤
30 │VM │ qemu │ QEMU software │
31 │ │ │ virtualization, │
32 │ │ │ without KVM │
33 │ ├────────────────┼─────────────────────────────┤
34 │ │ kvm │ Linux KVM kernel │
35 │ │ │ virtual machine, in │
36 │ │ │ combination with │
37 │ │ │ QEMU. Not used for │
38 │ │ │ other virtualizers │
39 │ │ │ using the KVM │
40 │ │ │ interfaces, such as │
41 │ │ │ Oracle VirtualBox │
42 │ │ │ or Amazon EC2 │
43 │ │ │ Nitro, see below. │
44 │ ├────────────────┼─────────────────────────────┤
45 │ │ amazon │ Amazon EC2 Nitro │
46 │ │ │ using Linux KVM │
47 │ ├────────────────┼─────────────────────────────┤
48 │ │ zvm │ s390 z/VM │
49 │ ├────────────────┼─────────────────────────────┤
50 │ │ vmware │ VMware Workstation │
51 │ │ │ or Server, and │
52 │ │ │ related products │
53 │ ├────────────────┼─────────────────────────────┤
54 │ │ microsoft │ Hyper-V, also known │
55 │ │ │ as Viridian or │
56 │ │ │ Windows Server │
57 │ │ │ Virtualization │
58 │ ├────────────────┼─────────────────────────────┤
59 │ │ oracle │ Oracle VM │
60 │ │ │ VirtualBox │
61 │ │ │ (historically │
62 │ │ │ marketed by innotek │
63 │ │ │ and Sun │
64 │ │ │ Microsystems), for │
65 │ │ │ legacy and KVM │
66 │ │ │ hypervisor │
67 │ ├────────────────┼─────────────────────────────┤
68 │ │ powervm │ IBM PowerVM │
69 │ │ │ hypervisor — comes │
70 │ │ │ as firmware with │
71 │ │ │ some IBM POWER │
72 │ │ │ servers │
73 │ ├────────────────┼─────────────────────────────┤
74 │ │ xen │ Xen hypervisor │
75 │ │ │ (only domU, not │
76 │ │ │ dom0) │
77 │ ├────────────────┼─────────────────────────────┤
78 │ │ bochs │ Bochs Emulator │
79 │ ├────────────────┼─────────────────────────────┤
80 │ │ uml │ User-mode Linux │
81 │ ├────────────────┼─────────────────────────────┤
82 │ │ parallels │ Parallels Desktop, │
83 │ │ │ Parallels Server │
84 │ ├────────────────┼─────────────────────────────┤
85 │ │ bhyve │ bhyve, FreeBSD │
86 │ │ │ hypervisor │
87 │ ├────────────────┼─────────────────────────────┤
88 │ │ qnx │ QNX hypervisor │
89 │ ├────────────────┼─────────────────────────────┤
90 │ │ acrn │ ACRN hypervisor[1] │
91 │ ├────────────────┼─────────────────────────────┤
92 │ │ apple │ Apple │
93 │ │ │ Virtualization.framework[2] │
94 │ ├────────────────┼─────────────────────────────┤
95 │ │ sre │ LMHS SRE hypervisor[3] │
96 ├──────────┼────────────────┼─────────────────────────────┤
97 │Container │ openvz │ OpenVZ/Virtuozzo │
98 │ ├────────────────┼─────────────────────────────┤
99 │ │ lxc │ Linux container │
100 │ │ │ implementation by LXC │
101 │ ├────────────────┼─────────────────────────────┤
102 │ │ lxc-libvirt │ Linux container │
103 │ │ │ implementation by libvirt │
104 │ ├────────────────┼─────────────────────────────┤
105 │ │ systemd-nspawn │ systemd's minimal container │
106 │ │ │ implementation, see │
107 │ │ │ systemd-nspawn(1) │
108 │ ├────────────────┼─────────────────────────────┤
109 │ │ docker │ Docker container manager │
110 │ ├────────────────┼─────────────────────────────┤
111 │ │ podman │ Podman[4] container manager │
112 │ ├────────────────┼─────────────────────────────┤
113 │ │ rkt │ rkt app container runtime │
114 │ ├────────────────┼─────────────────────────────┤
115 │ │ wsl │ Windows Subsystem for │
116 │ │ │ Linux[5] │
117 │ ├────────────────┼─────────────────────────────┤
118 │ │ proot │ proot[6] userspace │
119 │ │ │ chroot/bind mount emulation │
120 │ ├────────────────┼─────────────────────────────┤
121 │ │ pouch │ Pouch[7] Container Engine │
122 └──────────┴────────────────┴─────────────────────────────┘
123 If multiple virtualization solutions are used, only the "innermost" is
125 detected and identified. That means if both machine and container
126 virtualization are used in conjunction, only the latter will be
127 identified (unless --vm is passed).
128 Windows Subsystem for Linux is not a Linux container, but an
130 environment for running Linux userspace applications on top of the
131 Windows kernel using a Linux-compatible interface. WSL is categorized
132 as a container for practical purposes. Multiple WSL environments share
133 the same kernel and services should generally behave like when being
134 run in a container.
135
137 The following options are understood:
138 -c, --container
140 Only detects container virtualization (i.e. shared kernel
141 virtualization).
142 -v, --vm
144 Only detects hardware virtualization.
145 -r, --chroot
147 Detect whether invoked in a chroot(2) environment. In this mode, no
148 output is written, but the return value indicates whether the
149 process was invoked in a chroot() environment or not.
150 --private-users
152 Detect whether invoked in a user namespace. In this mode, no output
153 is written, but the return value indicates whether the process was
154 invoked inside of a user namespace or not. See user_namespaces(7)
155 for more information.
156 --cvm
158 Detect whether invoked in a confidential virtual machine. The
159 result of this detection may be used to disable features that
160 should not be used in confidential VMs. It must not be used to
161 release security sensitive information. The latter must only be
162 released after attestation of the confidential environment.
163 -q, --quiet
165 Suppress output of the virtualization technology identifier.
166 --list
168 Output all currently known and detectable container and VM
169 environments.
170 --list-cvm
172 Output all currently known and detectable confidential
173 virtualization technologies.
174 -h, --help
176 Print a short help text and exit.
177 --version
179 Print a short version string and exit.
180
182 If a virtualization technology is detected, 0 is returned, a non-zero
183 code otherwise.
184
186 systemd(1), systemd-nspawn(1), chroot(2), namespaces(7)
187
189 1. ACRN hypervisor
190 https://projectacrn.org
191 2. Apple Virtualization.framework
193 https://developer.apple.com/documentation/virtualization
194 3. LMHS SRE hypervisor
196 https://www.lockheedmartin.com/en-us/products/Hardened-Security-for-Intel-Processors.html
197 4. Podman
199 https://podman.io
200 5. Windows Subsystem for Linux
202 https://docs.microsoft.com/en-us/windows/wsl/about
203 6. proot
205 https://proot-me.github.io/
206 7. Pouch
208 https://github.com/alibaba/pouch
209systemd 254 SYSTEMD-DETECT-VIRT(1)