When running systemd in a container set container_uuid

docs/source/markdown/podman-create.1.md

@@ -1020,15 +1020,20 @@ Run container in systemd mode. The default is *true*.
 
 The value *always* enforces the systemd mode is enforced without
 looking at the executable name. Otherwise, if set to true and the
-command you are running inside the container is systemd, /usr/sbin/init,
-/sbin/init or /usr/local/sbin/init.
-
-If the command you are running inside of the container is systemd,
-Podman will setup tmpfs mount points in the following directories:
-
-/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal
-
-It will also set the default stop signal to SIGRTMIN+3.
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+  * _/run_
+  * _/run/lock_
+  * _/tmp_
+  * _/sys/fs/cgroup/systemd_
+  * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
 
 This allows systemd to run in a confined container without any modifications.
 

docs/source/markdown/podman-run.1.md

@@ -1082,20 +1082,21 @@ Note: if you use the **--network=host** option, these sysctls will not be allowe
 Run container in systemd mode. The default is **true**.
 
 The value *always* enforces the systemd mode is enforced without
-looking at the executable name. Otherwise, if set to **true** and the
-command you are running inside the container is systemd, _/usr/sbin/init_,
-_/sbin/init_ or _/usr/local/sbin/init_.
-
-If the command you are running inside of the container is systemd
-Podman will setup tmpfs mount points in the following directories:
-
-- _/run_
-- _/run/lock_
-- _/tmp_
-- _/sys/fs/cgroup/systemd_
-- _/var/lib/journal_
-
-It will also set the default stop signal to **SIGRTMIN+3**.
+looking at the executable name. Otherwise, if set to true and the
+command you are running inside the container is **systemd**, **/usr/sbin/init**,
+**/sbin/init** or **/usr/local/sbin/init**.
+
+Running the container in systemd mode causes the following changes:
+
+* Podman mounts tmpfs file systems on the following directories
+  * _/run_
+  * _/run/lock_
+  * _/tmp_
+  * _/sys/fs/cgroup/systemd_
+  * _/var/lib/journal_
+* Podman sets the default stop signal to **SIGRTMIN+3**.
+* Podman sets **container_uuid** environment variable in the container to the
+first 32 characters of the container id.
 
 This allows systemd to run in a confined container without any modifications.
 

libpod/container_internal_linux.go

@@ -968,6 +968,16 @@ func (c *Container) mountNotifySocket(g generate.Generator) error {
 // systemd expects to have /run, /run/lock and /tmp on tmpfs
 // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
 func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error {
+	var containerUUIDSet bool
+	for _, s := range c.config.Spec.Process.Env {
+		if strings.HasPrefix(s, "container_uuid=") {
+			containerUUIDSet = true
+			break
+		}
+	}
+	if !containerUUIDSet {
+		g.AddProcessEnv("container_uuid", c.ID()[:32])
+	}
 	options := []string{"rw", "rprivate", "nosuid", "nodev"}
 	for _, dest := range []string{"/run", "/run/lock"} {
 		if MountExists(mounts, dest) {

test/system/250-systemd.bats

@@ -281,6 +281,13 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
     is "$output" "" "output should be empty"
 }
 
+@test "podman --systemd sets container_uuid" {
+    run_podman run --systemd=always --name test $IMAGE printenv container_uuid
+    container_uuid=$output
+    run_podman inspect test --format '{{ .ID }}'
+    is "${container_uuid}" "${output:0:32}" "UUID should be first 32 chars of Container id"
+}
+
 # https://github.com/containers/podman/issues/13153
 @test "podman rootless-netns slirp4netns process should be in different cgroup" {
     is_rootless || skip "only meaningful for rootless"