Install Now
systemd-detect-virt - Detect execution in a virtualized environment
Contents
Description
systemd-detect-virt detects execution in a virtualized environment. It identifies the virtualization
technology and can distinguish full machine virtualization from container virtualization.
systemd-detect-virt exits with a return value of 0 (success) if a virtualization technology is detected,
and non-zero (error) otherwise. By default, any type of virtualization is detected, and the options
--container and --vm can be used to limit what types of virtualization are detected.
When executed without --quiet will print a short identifier for the detected virtualization technology.
The following technologies are currently identified:
Table1.Knownvirtualizationtechnologies(bothVM,i.e.fullhardwarevirtualization,andcontainer,i.e.sharedkernelvirtualization)
┌───────────┬────────────────┬──────────────────────────────┐
│ Type │ ID │ Product │
├───────────┼────────────────┼──────────────────────────────┤
│ VM │ qemu │ QEMU software │
│ │ │ virtualization, without KVM │
│ ├────────────────┼──────────────────────────────┤
│ │ kvm │ Linux KVM kernel virtual │
│ │ │ machine, in combination with │
│ │ │ QEMU. Not used for other │
│ │ │ virtualizers using the KVM │
│ │ │ interfaces, such as Oracle │
│ │ │ VirtualBox or Amazon EC2 │
│ │ │ Nitro, see below. │
│ ├────────────────┼──────────────────────────────┤
│ │ amazon │ Amazon EC2 Nitro using Linux │
│ │ │ KVM │
│ ├────────────────┼──────────────────────────────┤
│ │ zvm │ s390 z/VM │
│ ├────────────────┼──────────────────────────────┤
│ │ vmware │ VMware Workstation or │
│ │ │ Server, and related products │
│ ├────────────────┼──────────────────────────────┤
│ │ microsoft │ Hyper-V, also known as │
│ │ │ Viridian or Windows Server │
│ │ │ Virtualization │
│ ├────────────────┼──────────────────────────────┤
│ │ oracle │ Oracle VM VirtualBox │
│ │ │ (historically marketed by │
│ │ │ innotek and Sun │
│ │ │ Microsystems), for legacy │
│ │ │ and KVM hypervisor │
│ ├────────────────┼──────────────────────────────┤
│ │ powervm │ IBM PowerVM hypervisor — │
│ │ │ comes as firmware with some │
│ │ │ IBM POWER servers │
│ ├────────────────┼──────────────────────────────┤
│ │ xen │ Xen hypervisor (only domU, │
│ │ │ not dom0) │
│ ├────────────────┼──────────────────────────────┤
│ │ bochs │ Bochs Emulator │
│ ├────────────────┼──────────────────────────────┤
│ │ uml │ User-mode Linux │
│ ├────────────────┼──────────────────────────────┤
│ │ parallels │ Parallels Desktop, Parallels │
│ │ │ Server │
│ ├────────────────┼──────────────────────────────┤
│ │ bhyve │ bhyve, FreeBSD hypervisor │
│ ├────────────────┼──────────────────────────────┤
│ │ qnx │ QNX hypervisor │
│ ├────────────────┼──────────────────────────────┤
│ │ acrn │ ACRNhypervisor[1] │
│ ├────────────────┼──────────────────────────────┤
│ │ apple │ Applevirtualization │
│ │ │ framework[2] │
│ ├────────────────┼──────────────────────────────┤
│ │ sre │ LMHSSREhypervisor[3] │
│ ├────────────────┼──────────────────────────────┤
│ │ google │ GoogleComputeEngine[4] │
├───────────┼────────────────┼──────────────────────────────┤
│ Container │ openvz │ OpenVZ/Virtuozzo │
│ ├────────────────┼──────────────────────────────┤
│ │ lxc │ Linux container │
│ │ │ implementation by LXC │
│ ├────────────────┼──────────────────────────────┤
│ │ lxc-libvirt │ Linux container │
│ │ │ implementation by libvirt │
│ ├────────────────┼──────────────────────────────┤
│ │ systemd-nspawn │ systemd's minimal container │
│ │ │ implementation, see systemd- │
│ │ │ nspawn(1) │
│ ├────────────────┼──────────────────────────────┤
│ │ docker │ Docker container manager │
│ ├────────────────┼──────────────────────────────┤
│ │ podman │ Podman[5] container manager │
│ ├────────────────┼──────────────────────────────┤
│ │ rkt │ rkt app container runtime │
│ ├────────────────┼──────────────────────────────┤
│ │ wsl │ WindowsSubsystemfor │
│ │ │ Linux[6] │
│ ├────────────────┼──────────────────────────────┤
│ │ proot │ proot[7] userspace │
│ │ │ chroot/bind mount emulation │
│ ├────────────────┼──────────────────────────────┤
│ │ pouch │ Pouch[8] Container Engine │
└───────────┴────────────────┴──────────────────────────────┘
If multiple virtualization solutions are used, only the "innermost" is detected and identified. That
means if both machine and container virtualization are used in conjunction, only the latter will be
identified (unless --vm is passed).
Windows Subsystem for Linux is not a Linux container, but an environment for running Linux userspace
applications on top of the Windows kernel using a Linux-compatible interface. WSL is categorized as a
container for practical purposes. Multiple WSL environments share the same kernel and services should
generally behave like when being run in a container.
When executed with --cvm, instead of printing the virtualization technology, it will display the
confidential virtual machine technology, if any. The following technologies are currently identified:
Table2.Knownconfidentialvirtualizationtechnologies
┌────────┬──────────┬──────────────────────────────┐
│ Arch │ ID │ Technology │
├────────┼──────────┼──────────────────────────────┤
│ x86_64 │ sev │ AMD Secure Encrypted │
│ │ │ Virtualization │
│ ├──────────┼──────────────────────────────┤
│ │ sev-es │ AMD Secure Encrypted │
│ │ │ Virtualization - Encrypted │
│ │ │ State │
│ ├──────────┼──────────────────────────────┤
│ │ sev-snp │ AMD Secure Encrypted │
│ │ │ Virtualization - Secure │
│ │ │ Nested Paging │
│ ├──────────┼──────────────────────────────┤
│ │ tdx │ Intel Trust Domain │
│ │ │ Extensions │
├────────┼──────────┼──────────────────────────────┤
│ s390x │ protvirt │ IBM Protected Virtualization │
│ │ │ (Secure Execution) │
└────────┴──────────┴──────────────────────────────┘
Exit Status
If a virtualization technology is detected, 0 is returned, a non-zero code otherwise.
Name
systemd-detect-virt - Detect execution in a virtualized environment
Notes
1. ACRN hypervisor
https://projectacrn.org
2. Apple virtualization framework
https://developer.apple.com/documentation/virtualization
3. LMHS SRE hypervisor
https://www.lockheedmartin.com/en-us/products/Hardened-Security-for-Intel-Processors.html
4. Google Compute Engine
https://cloud.google.com/compute
5. Podman
https://podman.io
6. Windows Subsystem for Linux
https://docs.microsoft.com/en-us/windows/wsl/about
7. proot
https://proot-me.github.io/
8. Pouch
https://github.com/alibaba/pouch
systemd 257.4 SYSTEMD-DETECT-VIRT(1)
Options
The following options are understood:
-c, --container
Only detects container virtualization (i.e. shared kernel virtualization).
-v, --vm
Only detects hardware virtualization.
-r, --chroot
Detect whether invoked in a chroot(2) environment. In this mode, no output is written, but the return
value indicates whether the process was invoked in a chroot() environment or not.
Added in version 228.
--private-users
Detect whether invoked in a user namespace. In this mode, no output is written, but the return value
indicates whether the process was invoked inside of a user namespace or not. See user_namespaces(7)
for more information.
Added in version 232.
--cvm
Detect whether invoked in a confidential virtual machine. The result of this detection may be used to
disable features that should not be used in confidential VMs. It must not be used to release security
sensitive information. The latter must only be released after attestation of the confidential
environment.
Added in version 254.
-q, --quiet
Suppress output of the virtualization technology identifier.
--list
Output all currently known and detectable container and VM environments.
Added in version 239.
--list-cvm
Output all currently known and detectable confidential virtualization technologies.
Added in version 254.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
See Also
systemd(1), systemd-nspawn(1), chroot(2), namespaces(7)
Synopsis
systemd-detect-virt [OPTIONS...]
Emojis
SVG Icons
PNG Icons