Add containerenv information to /run/.containerenv

We have been asked to leak some information into the container
to indicate:
* The name and id of the container
* The version of podman used to launch the container
* The image name and ID the container is based on.
* Whether the container engine is running in rootless mode.

Fixes: https://github.com/containers/podman/issues/6192

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

1 files changed, 20 insertions, 4 deletions

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 56575c195..fb30192f1 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -35,6 +35,7 @@ import (
 	"github.com/containers/podman/v2/pkg/rootless"
 	"github.com/containers/podman/v2/pkg/util"
 	"github.com/containers/podman/v2/utils"
+	"github.com/containers/podman/v2/version"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
 	securejoin "github.com/cyphar/filepath-securejoin"
@@ -1423,11 +1424,26 @@ func (c *Container) makeBindMounts() error {
 		}
 	}
 
-	// Make .containerenv
-	// Empty file, so no need to recreate if it exists
+	// Make .containerenv if it does not exist
 	if _, ok := c.state.BindMounts["/run/.containerenv"]; !ok {
-		// Empty string for now, but we may consider populating this later
-		containerenvPath, err := c.writeStringToRundir(".containerenv", "")
+		var containerenv string
+		isRootless := 0
+		if rootless.IsRootless() {
+			isRootless = 1
+		}
+		imageID, imageName := c.Image()
+
+		if c.Privileged() {
+			// Populate the .containerenv with container information
+			containerenv = fmt.Sprintf(`engine="podman-%s"
+name=%q
+id=%q
+image=%q
+imageid=%q
+rootless=%d
+`, version.Version.String(), c.Name(), c.ID(), imageName, imageID, isRootless)
+		}
+		containerenvPath, err := c.writeStringToRundir(".containerenv", containerenv)
 		if err != nil {
 			return errors.Wrapf(err, "error creating containerenv file for container %s", c.ID())
 		}