Reputation: 1181
Many docker images have no base commands such as ifconfig, ip, ps, etc.
So I would like to find a way to run host commands in a docker container environment so that I don't need to copy/pack every command into the docker image.
I know a command ip netns exec [ns] ifconfig, which can run the command ifconfig in a new network namespace. Is there a similar way for docker containers?
Upvotes: 1
Views: 1273
Reputation: 3758
This question misses the fact that the kernel does not have a notion of a "container" - from its standpoint, the container is a set of different abstractions (different namespaces, cgroups, etc.). Having enough rights on the host, you can manage these abstractions independently (e.g. enter any single namespace of the container, or a couple of them). That said, the full answer to the question depends on what "execute the host's binary in the container" means (do you want to execute this binary in all namespaces of the container, or only in significant ones, which influence the result you want to obtain?).
Technically, you can execute an arbitrary host binary inside the container's namespaces (except for the mnt namespace) without copying or mounting this binary into the container's filesystem. Depending on what you are trying to achieve, it may or may not solve your problem.
For example, doing some ip stuff after entering only the net namespace of the container will probably give you the expected result:
$ sudo nsenter -t $CONTAINERIZED_PROCESS_PID -n ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
33: eth0@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
The command from the host gets executed in the container's network namespace and shows its network interfaces correctly.
Or you can get the container's correct hostname by executing the hostname binary inside the container's UTS namespace:
$ sudo nsenter -t $CONTAINERIZED_PROCESS_PID -u hostname
d65269ecf908
However, doing ps after entering the pid namespace of the container will not give you the list of the container's processes, but rather the list of all processes you are able to see from the host, because ps takes the information from /proc, so to see the correct set of processes you have to enter the container's mnt namespace (which in turn will make you unable to run the host binaries, because you will no longer see them).
That said, it really depends on what you want to execute and what you want to get as a result.
Upvotes: 2
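A small wrapper around the approach in the answer above, added here as an example (it is not code from the original post): it resolves the container's init PID with docker inspect and enters only the namespaces you name, refusing mnt for the reason the answer gives. It assumes Docker, util-linux nsenter and sudo are available; the container name "web" in the usage comments is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: run a host binary inside selected namespaces of a running
# Docker container. Assumes Docker, util-linux nsenter and sudo.

# Map namespace names (net uts ipc pid user cgroup) to nsenter flags.
# "mnt" is rejected on purpose: once inside the container's mount
# namespace the host binary is no longer visible, so exec would fail.
ns_flags() {
    local flags="" ns
    for ns in "$@"; do
        case "$ns" in
            net)    flags="$flags -n" ;;
            uts)    flags="$flags -u" ;;
            ipc)    flags="$flags -i" ;;
            pid)    flags="$flags -p" ;;
            user)   flags="$flags -U" ;;
            cgroup) flags="$flags -C" ;;
            mnt)    echo "refusing mnt: host binary would not be found inside it" >&2; return 1 ;;
            *)      echo "unknown namespace: $ns" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "${flags# }"
}

# Resolve the container's init PID on the host (0 if it is not running).
container_pid() {
    docker inspect -f '{{.State.Pid}}' "$1"
}

# Usage: host_exec_in <container> "<namespaces>" <command...>
#   host_exec_in web "net" ip link        # host's ip, container's interfaces
#   host_exec_in web "uts" hostname       # container's hostname
host_exec_in() {
    local ctr="$1" nslist="$2" pid flags
    shift 2
    pid=$(container_pid "$ctr") || return 1
    [ "$pid" -gt 0 ] 2>/dev/null || { echo "container $ctr is not running" >&2; return 1; }
    # shellcheck disable=SC2086
    flags=$(ns_flags $nslist) || return 1
    # shellcheck disable=SC2086
    sudo nsenter -t "$pid" $flags -- "$@"
}
```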