Fix docker-in-docker detection for cgroups v2 #3535
Merged
+201
−69
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This seems to work for me. I believe the change to the contents of |
asottile
reviewed
Sep 6, 2025
tests/languages/docker_test.py
Outdated
Comment on lines
136
to
138
| def test_in_docker_docker_in_file(): | ||
| with _mock_open(DOCKER_CGROUP_EXAMPLE): | ||
| with _mock_open(DOCKER_MOUNTINFO_EXAMPLE): | ||
| assert docker._is_in_docker() is True |
Member
There was a problem hiding this comment.
these tests should not change. if you want to add additional behaviour you can't break the existing behaviour
Contributor
Author
There was a problem hiding this comment.
I'm not adding an additional behaviour, I'm changing the existing one, because it is not working.
Contributor
Author
There was a problem hiding this comment.
Do you have cgroups v2?
Member
There was a problem hiding this comment.
no I don't and many of my users don't as well obviously
Member
There was a problem hiding this comment.
ok maybe you're not understanding. just because it's broken in cgroups v2 doesn't mean your fix can break everyone else
Contributor
Author
There was a problem hiding this comment.
I don't break anything. It's backwards compatible. You can test it on your own setup.
Contributor
Author
There was a problem hiding this comment.
@asottile, could you please test this pull request on your setup to make sure everything is working fine?
Member
There was a problem hiding this comment.
here's a few I have access to for example:
podman cgroups v1:
root@396149e7b704:/# cat /proc/1/cgroup
13:freezer:/
12:devices:/user.slice
11:hugetlb:/
10:misc:/
9:blkio:/
8:net_cls,net_prio:/
7:perf_event:/
6:memory:/user.slice/user-1000.slice/user@1000.service
5:pids:/user.slice/user-1000.slice/user@1000.service
4:cpuset:/
3:cpu,cpuacct:/
2:rdma:/
1:name=systemd:/user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-0c50448e-b395-4d76-8b92-379f16e5066f.scope
0::/user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-0c50448e-b395-4d76-8b92-379f16e5066f.scope
root@396149e7b704:/# cat /proc/1/mountinfo
1200 915 0:57 / / rw,relatime - overlay overlay rw,lowerdir=/home/asottile/.local/share/containers/storage/overlay/l/ZWAU3VY3ZHABQJRBUAFPBX7R5D,upperdir=/home/asottile/.local/share/containers/storage/overlay/72504ef163fda63838930450553b7306412ccad139a007626732b3dc43af5200/diff,workdir=/home/asottile/.local/share/containers/storage/overlay/72504ef163fda63838930450553b7306412ccad139a007626732b3dc43af5200/work,volatile,userxattr
1204 1200 0:62 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
1205 1200 0:63 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,uid=1000,gid=1000,inode64
1206 1200 0:64 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
1207 1205 0:65 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666
1208 1205 0:61 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
1209 1200 0:53 /containers/overlay-containers/396149e7b7041bd864723d6fe196b53422172c3bdbe7b94248eb7c131f22b77f/userdata/.containerenv /run/.containerenv rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=814036k,mode=700,uid=1000,gid=1000,inode64
1210 1200 0:53 /containers/overlay-containers/396149e7b7041bd864723d6fe196b53422172c3bdbe7b94248eb7c131f22b77f/userdata/resolv.conf /etc/resolv.conf rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=814036k,mode=700,uid=1000,gid=1000,inode64
1211 1200 0:53 /containers/overlay-containers/396149e7b7041bd864723d6fe196b53422172c3bdbe7b94248eb7c131f22b77f/userdata/hosts /etc/hosts rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=814036k,mode=700,uid=1000,gid=1000,inode64
1212 1205 0:56 / /dev/shm rw,relatime - tmpfs shm rw,size=64000k,uid=1000,gid=1000,inode64
1213 1200 0:53 /containers/overlay-containers/396149e7b7041bd864723d6fe196b53422172c3bdbe7b94248eb7c131f22b77f/userdata/hostname /etc/hostname rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=814036k,mode=700,uid=1000,gid=1000,inode64
1214 1206 0:66 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs cgroup rw,size=1024k,uid=1000,gid=1000,inode64
1215 1214 0:43 / /sys/fs/cgroup/freezer ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,freezer
1216 1214 0:42 /user.slice /sys/fs/cgroup/devices ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,devices
1217 1214 0:41 / /sys/fs/cgroup/hugetlb ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,hugetlb
1218 1214 0:40 / /sys/fs/cgroup/misc ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,misc
1219 1214 0:39 / /sys/fs/cgroup/blkio ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,blkio
1220 1214 0:38 / /sys/fs/cgroup/net_cls,net_prio ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,net_cls,net_prio
1221 1214 0:37 / /sys/fs/cgroup/perf_event ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,perf_event
1222 1214 0:36 /user.slice/user-1000.slice/user@1000.service /sys/fs/cgroup/memory ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,memory
1223 1214 0:35 /user.slice/user-1000.slice/user@1000.service /sys/fs/cgroup/pids ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,pids
1224 1214 0:34 / /sys/fs/cgroup/cpuset ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpuset
1225 1214 0:33 / /sys/fs/cgroup/cpu,cpuacct ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,cpu,cpuacct
1226 1214 0:32 / /sys/fs/cgroup/rdma ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,rdma
1227 1214 0:29 /user.slice/user-1000.slice/user@1000.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-0c50448e-b395-4d76-8b92-379f16e5066f.scope /sys/fs/cgroup/systemd ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,xattr,name=systemd
1228 1205 0:5 /null /dev/null rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1229 1205 0:5 /zero /dev/zero rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1230 1205 0:5 /full /dev/full rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1231 1205 0:5 /tty /dev/tty rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1232 1205 0:5 /random /dev/random rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1233 1205 0:5 /urandom /dev/urandom rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1234 1204 0:67 / /proc/acpi ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
1235 1204 0:5 /null /proc/kcore rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1236 1204 0:5 /null /proc/keys rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1237 1204 0:5 /null /proc/timer_list rw,nosuid,noexec,relatime - devtmpfs udev rw,size=4031656k,nr_inodes=1007914,mode=755,inode64
1238 1204 0:68 / /proc/scsi ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
1239 1206 0:69 / /sys/firmware ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
1240 1206 0:70 / /sys/dev/block ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
1241 1204 0:62 /asound /proc/asound ro,relatime - proc proc rw
1242 1204 0:62 /bus /proc/bus ro,relatime - proc proc rw
1243 1204 0:62 /fs /proc/fs ro,relatime - proc proc rw
1244 1204 0:62 /irq /proc/irq ro,relatime - proc proc rw
1245 1204 0:62 /sys /proc/sys ro,relatime - proc proc rw
1256 1204 0:62 /sysrq-trigger /proc/sysrq-trigger ro,relatime - proc proc rw
916 1205 0:65 /0 /dev/console rw,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666docker cgroups v1:
root@2669e6e0af4b:/# cat /proc/1/cgroup
13:freezer:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
12:devices:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
11:hugetlb:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
10:misc:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
9:blkio:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
8:net_cls,net_prio:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
7:perf_event:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
6:memory:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
5:pids:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
4:cpuset:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
3:cpu,cpuacct:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
2:rdma:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
1:name=systemd:/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
0::/docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c
root@2669e6e0af4b:/# cat /proc/1/mountinfo
759 717 0:52 / / rw,relatime master:300 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/PCPE5P5IVGM7CFCPJR353N3ONK:/var/lib/docker/overlay2/l/EQFSDHFAJ333VEMEJD4ZTRIZCB,upperdir=/var/lib/docker/overlay2/0d9f6bf186030d796505b87d6daa92297355e47641e283d3c09d83a7f221e462/diff,workdir=/var/lib/docker/overlay2/0d9f6bf186030d796505b87d6daa92297355e47641e283d3c09d83a7f221e462/work
760 759 0:58 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
761 759 0:59 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
762 761 0:60 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
763 759 0:61 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
764 763 0:62 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw,mode=755,inode64
765 764 0:29 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/systemd ro,nosuid,nodev,noexec,relatime master:11 - cgroup cgroup rw,xattr,name=systemd
766 764 0:32 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/rdma ro,nosuid,nodev,noexec,relatime master:15 - cgroup cgroup rw,rdma
767 764 0:33 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/cpu,cpuacct ro,nosuid,nodev,noexec,relatime master:16 - cgroup cgroup rw,cpu,cpuacct
768 764 0:34 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/cpuset ro,nosuid,nodev,noexec,relatime master:17 - cgroup cgroup rw,cpuset
769 764 0:35 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/pids ro,nosuid,nodev,noexec,relatime master:18 - cgroup cgroup rw,pids
770 764 0:36 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/memory ro,nosuid,nodev,noexec,relatime master:19 - cgroup cgroup rw,memory
771 764 0:37 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/perf_event ro,nosuid,nodev,noexec,relatime master:20 - cgroup cgroup rw,perf_event
772 764 0:38 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/net_cls,net_prio ro,nosuid,nodev,noexec,relatime master:21 - cgroup cgroup rw,net_cls,net_prio
773 764 0:39 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/blkio ro,nosuid,nodev,noexec,relatime master:22 - cgroup cgroup rw,blkio
774 764 0:40 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/misc ro,nosuid,nodev,noexec,relatime master:23 - cgroup cgroup rw,misc
775 764 0:41 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/hugetlb ro,nosuid,nodev,noexec,relatime master:24 - cgroup cgroup rw,hugetlb
776 764 0:42 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/devices ro,nosuid,nodev,noexec,relatime master:25 - cgroup cgroup rw,devices
777 764 0:43 /docker/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c /sys/fs/cgroup/freezer ro,nosuid,nodev,noexec,relatime master:26 - cgroup cgroup rw,freezer
778 761 0:57 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
779 761 0:63 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k,inode64
780 759 8:5 /var/lib/docker/containers/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda5 rw,errors=remount-ro
781 759 8:5 /var/lib/docker/containers/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c/hostname /etc/hostname rw,relatime - ext4 /dev/sda5 rw,errors=remount-ro
782 759 8:5 /var/lib/docker/containers/2669e6e0af4ba633191d64da6f90ca4fe546b09b07a3ff66e71f8f4626943e4c/hosts /etc/hosts rw,relatime - ext4 /dev/sda5 rw,errors=remount-ro
718 761 0:60 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
719 760 0:58 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
720 760 0:58 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
721 760 0:58 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
722 760 0:58 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
723 760 0:58 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
724 760 0:64 / /proc/asound ro,relatime - tmpfs tmpfs ro,inode64
725 760 0:65 / /proc/acpi ro,relatime - tmpfs tmpfs ro,inode64
726 760 0:59 /null /proc/kcore rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
727 760 0:59 /null /proc/keys rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
728 760 0:59 /null /proc/timer_list rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
729 760 0:66 / /proc/scsi ro,relatime - tmpfs tmpfs ro,inode64
730 763 0:67 / /sys/firmware ro,relatime - tmpfs tmpfs ro,inode64
731 763 0:68 / /sys/devices/virtual/powercap ro,relatime - tmpfs tmpfs ro,inode64podman cgroups v2
$ docker run --rm -ti ubuntu:jammy bash
root@aa1ced74efd3:/# cat /proc/1/cgroup
0::/
root@aa1ced74efd3:/# cat /proc/1/mountinfo
685 690 0:63 /containers/overlay-containers/aa1ced74efd3f2565b4484ab15330115538a4023a3b59dab777b629d361fb6de/userdata/resolv.conf /etc/resolv.conf rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=1637624k,nr_inodes=409406,mode=700,uid=1000,gid=1000,inode64
686 690 0:63 /containers/overlay-containers/aa1ced74efd3f2565b4484ab15330115538a4023a3b59dab777b629d361fb6de/userdata/hosts /etc/hosts rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=1637624k,nr_inodes=409406,mode=700,uid=1000,gid=1000,inode64
687 692 0:50 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=64000k,uid=1000,gid=1000,inode64
688 690 0:63 /containers/overlay-containers/aa1ced74efd3f2565b4484ab15330115538a4023a3b59dab777b629d361fb6de/userdata/.containerenv /run/.containerenv rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=1637624k,nr_inodes=409406,mode=700,uid=1000,gid=1000,inode64
689 690 0:63 /containers/overlay-containers/aa1ced74efd3f2565b4484ab15330115538a4023a3b59dab777b629d361fb6de/userdata/hostname /etc/hostname rw,nosuid,nodev,relatime - tmpfs tmpfs rw,size=1637624k,nr_inodes=409406,mode=700,uid=1000,gid=1000,inode64
690 546 0:55 / / rw,relatime - overlay overlay rw,lowerdir=/home/asottile/.local/share/containers/storage/overlay/l/NPOHYOD3PI3YW6TQSGBOVOUSK6,upperdir=/home/asottile/.local/share/containers/storage/overlay/565c206fb79f876ffd5f069b8bd7a97fb5e47d5d07396b0c395a4ed6725d4a8e/diff,workdir=/home/asottile/.local/share/containers/storage/overlay/565c206fb79f876ffd5f069b8bd7a97fb5e47d5d07396b0c395a4ed6725d4a8e/work,redirect_dir=nofollow,uuid=on,volatile,userxattr
691 690 0:59 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
692 690 0:61 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,uid=1000,gid=1000,inode64
693 690 0:62 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs rw
694 692 0:66 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666
695 692 0:58 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
696 693 0:28 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw,nsdelegate,memory_recursiveprot
698 692 0:6 /null /dev/null rw,nosuid,noexec,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
699 692 0:6 /zero /dev/zero rw,nosuid,noexec,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
700 692 0:6 /full /dev/full rw,nosuid,noexec,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
701 692 0:6 /tty /dev/tty rw,nosuid,noexec,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
702 692 0:6 /random /dev/random rw,nosuid,noexec,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
703 692 0:6 /urandom /dev/urandom rw,nosuid,noexec,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
704 691 0:67 / /proc/acpi ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
705 691 0:6 /null /proc/kcore ro,nosuid,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
706 691 0:6 /null /proc/keys ro,nosuid,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
707 691 0:6 /null /proc/latency_stats ro,nosuid,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
708 691 0:6 /null /proc/timer_list ro,nosuid,relatime - devtmpfs udev rw,size=8147812k,nr_inodes=2036953,mode=755,inode64
709 691 0:68 / /proc/scsi ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
710 693 0:69 / /sys/firmware ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
711 693 0:70 / /sys/dev/block ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
712 693 0:71 / /sys/devices/virtual/powercap ro,relatime - tmpfs tmpfs rw,size=0k,uid=1000,gid=1000,inode64
713 691 0:59 /asound /proc/asound ro,nosuid,nodev,noexec,relatime - proc proc rw
714 691 0:59 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
715 691 0:59 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
716 691 0:59 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
717 691 0:59 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
718 691 0:59 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
547 692 0:66 /0 /dev/console rw,relatime - devpts devpts rw,gid=100004,mode=620,ptmxmode=666docker cgroups v2
root@b10b2d4ce6f3:/# cat /proc/1/cgroup
0::/
root@b10b2d4ce6f3:/# cat /proc/1/mountinfo
721 386 0:45 / / rw,relatime master:218 - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/QHZ7OM7P4AQD3XLG274ZPWAJCV:/var/lib/docker/overlay2/l/5RFG6SZWVGOG2NKEYXJDQCQYX5,upperdir=/var/lib/docker/overlay2/e4ad859fc5d4791932b9b976052f01fb0063e01de3cef916e40ae2121f6a166e/diff,workdir=/var/lib/docker/overlay2/e4ad859fc5d4791932b9b976052f01fb0063e01de3cef916e40ae2121f6a166e/work,nouserxattr
722 721 0:48 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
723 721 0:50 / /dev rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
724 723 0:51 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
725 721 0:52 / /sys ro,nosuid,nodev,noexec,relatime - sysfs sysfs ro
726 725 0:26 / /sys/fs/cgroup ro,nosuid,nodev,noexec,relatime - cgroup2 cgroup rw,nsdelegate,memory_recursiveprot
727 723 0:47 / /dev/mqueue rw,nosuid,nodev,noexec,relatime - mqueue mqueue rw
728 723 0:53 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k,inode64
729 721 8:3 /var/lib/docker/containers/b10b2d4ce6f37531be567e4b99d4ff5308209de9516f989ca9f9bcd8fe4b4c9c/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda3 rw,errors=remount-ro
730 721 8:3 /var/lib/docker/containers/b10b2d4ce6f37531be567e4b99d4ff5308209de9516f989ca9f9bcd8fe4b4c9c/hostname /etc/hostname rw,relatime - ext4 /dev/sda3 rw,errors=remount-ro
731 721 8:3 /var/lib/docker/containers/b10b2d4ce6f37531be567e4b99d4ff5308209de9516f989ca9f9bcd8fe4b4c9c/hosts /etc/hosts rw,relatime - ext4 /dev/sda3 rw,errors=remount-ro
387 723 0:51 /0 /dev/console rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
388 722 0:48 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
389 722 0:48 /fs /proc/fs ro,nosuid,nodev,noexec,relatime - proc proc rw
525 722 0:48 /irq /proc/irq ro,nosuid,nodev,noexec,relatime - proc proc rw
526 722 0:48 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
571 722 0:48 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
572 722 0:57 / /proc/asound ro,relatime - tmpfs tmpfs ro,inode64
575 722 0:58 / /proc/acpi ro,relatime - tmpfs tmpfs ro,inode64
576 722 0:50 /null /proc/kcore rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
577 722 0:50 /null /proc/keys rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
578 722 0:50 /null /proc/timer_list rw,nosuid - tmpfs tmpfs rw,size=65536k,mode=755,inode64
579 722 0:59 / /proc/scsi ro,relatime - tmpfs tmpfs ro,inode64
580 725 0:60 / /sys/firmware ro,relatime - tmpfs tmpfs ro,inode64
Contributor
Author
There was a problem hiding this comment.
Thank you, that is very helpful. Correct me if I'm wrong, but the solution will work for Docker, but we still need to cover Podman (which apparently has not worked for cgroups v1 either).
asottile
reviewed
Oct 2, 2025
pre_commit/languages/docker.py
Outdated
Comment on lines
32
to
42
| with open('/proc/1/mountinfo', 'rb') as f: | ||
| hostname_mount = re.compile( | ||
| r""" | ||
| /containers | ||
| (/overlay-containers)? | ||
| /([a-z0-9]{64}) | ||
| (/userdata)? | ||
| /hostname | ||
| """, | ||
| re.VERBOSE, | ||
| ) |
Member
There was a problem hiding this comment.
binary file and text regex is a bit of a mismatch -- you should match the two (probably binary file and binary regex)
also re.compile in a local scope isn't all that beneficial -- perhaps move it to the module scope?
also I think this can be done without a regex and will be more performant (since the start/end seem pretty unique)?
pre_commit/languages/docker.py
Outdated
| raise RuntimeError('Failed to find the container ID in /proc/1/cgroup.') | ||
| m = hostname_mount.search(line.decode()) | ||
| if m: | ||
| return m.group(2) |
Member
There was a problem hiding this comment.
modern python this is return m[2]
bidorffOL
added a commit
to bidorffOL/cap
that referenced
this pull request
Oct 13, 2025
It seems that using /proc/1/cgroup is now broken to detect docker. Other projects have been using /proc/1/mountinfo instead (see pre-commit/pre-commit#3535)
3 tasks
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Nov 14, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [pre-commit](https://github.com/pre-commit/pre-commit) | minor | `4.3.0` -> `4.4.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>pre-commit/pre-commit (pre-commit)</summary> ### [`v4.4.0`](https://github.com/pre-commit/pre-commit/blob/HEAD/CHANGELOG.md#440---2025-11-08) [Compare Source](pre-commit/pre-commit@v4.3.0...v4.4.0) \================== ##### Features - Add `--fail-fast` option to `pre-commit run`. - [#​3528](pre-commit/pre-commit#3528) MR by [@​JulianMaurin](https://github.com/JulianMaurin). - Upgrade `ruby-build` / `rbenv`. - [#​3566](pre-commit/pre-commit#3566) MR by [@​asottile](https://github.com/asottile). - [#​3565](pre-commit/pre-commit#3565) issue by [@​MRigal](https://github.com/MRigal). - Add `language: unsupported` / `language: unsupported_script` as aliases for `language: system` / `language: script` (which will eventually be deprecated). - [#​3577](pre-commit/pre-commit#3577) MR by [@​asottile](https://github.com/asottile). - Add support docker-in-docker detection for cgroups v2. - [#​3535](pre-commit/pre-commit#3535) MR by [@​br-rhrbacek](https://github.com/br-rhrbacek). - [#​3360](pre-commit/pre-commit#3360) issue by [@​JasonAlt](https://github.com/JasonAlt). ##### Fixes - Handle when docker gives `SecurityOptions: null`. - [#​3537](pre-commit/pre-commit#3537) MR by [@​asottile](https://github.com/asottile). - [#​3514](pre-commit/pre-commit#3514) issue by [@​jenstroeger](https://github.com/jenstroeger). - Fix error context for invalid `stages` in `.pre-commit-config.yaml`. - [#​3576](pre-commit/pre-commit#3576) MR by [@​asottile](https://github.com/asottile). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Inspired by a similar issue in Jenkins, I propose to fix the broken container detection by using /proc/1/mountinfo.