core: set SYSTEMD_CONFIDENTIAL_VIRTUALIZATION env for generators

This reports the confidential virtualization type that was detected

Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

1 files changed, 11 insertions, 0 deletions

diff --git a/src/core/manager.c b/src/core/manager.c
index cc4fc1679c..22ec6e79b1 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -32,6 +32,7 @@
 #include "clean-ipc.h"
 #include "clock-util.h"
 #include "common-signal.h"
+#include "confidential-virt.h"
 #include "constants.h"
 #include "core-varlink.h"
 #include "creds-util.h"
@@ -3887,6 +3888,7 @@ static int manager_run_environment_generators(Manager *m) {
 static int build_generator_environment(Manager *m, char ***ret) {
         _cleanup_strv_free_ char **nl = NULL;
         Virtualization v;
+        ConfidentialVirtualization cv;
         int r;
 
         assert(m);
@@ -3935,6 +3937,15 @@ static int build_generator_environment(Manager *m, char ***ret) {
                         return r;
         }
 
+        cv = detect_confidential_virtualization();
+        if (cv < 0)
+                log_debug_errno(cv, "Failed to detect confidential virtualization, ignoring: %m");
+        else if (cv > 0) {
+                r = strv_env_assign(&nl, "SYSTEMD_CONFIDENTIAL_VIRTUALIZATION", confidential_virtualization_to_string(cv));
+                if (r < 0)
+                        return r;
+        }
+
         r = strv_env_assign(&nl, "SYSTEMD_ARCHITECTURE", architecture_to_string(uname_architecture()));
         if (r < 0)
                 return r;