Powershell command to identify whether a process running in windows machine is a docker container process?

Question

I have a process Id in windows Machine, I need to write a Power-shell script to check whether this process is running as docker container or not.

Being a newbie ,I am not able to find anything straight forward how to check it.

Answer 1

I have tried this by expanding the suggestion to use docker inspect. Here's the whole config:

PS C:\Users\Microsoft> docker inspect -f '{{.State.Pid}}' 8b2f6493d26e
4492

The command above returned the ID on which the container is instantiated.

PS C:\Users\Microsoft> Get-Process -Id 4492 | select si

SI
--
 6

Now, I can use the above to query the SI of the specific ID returned previously. You see that the SI for that Process ID is 6, so all processes on this container will be running on that SI. Now I can run:

PS C:\Users\Microsoft> Get-Process | Where-Object {$_.si -eq 6}

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
     83       6      976       4776       0.00   8380   6 CExecSvc
    251      13     2040       6308       0.16   7308   6 csrss
     38       6      792       3176       0.00   3772   6 fontdrvhost
    793      20     3900      13688       0.44   8912   6 lsass
    232      13     2624      10384       0.11   7348   6 msdtc
     75       6      928       4872       0.02   4492   6 ServiceMonitor
    213      10     2372       7008       0.27   8308   6 services
    137       8     1496       6952       0.05    864   6 svchost
    172      12     2656       9292       0.06   2352   6 svchost
    110       7     1188       6084       0.03   2572   6 svchost
    241      14     4616      12508       0.19   5460   6 svchost
    817      30    12388      30824       9.73   6056   6 svchost
    172      12     3984      11528       0.14   6420   6 svchost
    405      16     7284      14284       0.25   6524   6 svchost
    494      22    13480      29568       1.45   7060   6 svchost
    509      38     5636      19432       0.30   7936   6 svchost
    334      13     2776      10912       0.13   8604   6 svchost
    122       8     3048       9180       0.19   8816   6 svchost
    383      14     2392       8624       0.22   9080   6 svchost
    232      19     5060      14284       0.13   9744   6 w3wp
    155      11     1380       7276       0.05   5008   6 wininit

The above is the output of all processes running on my container host that match the SI 6. You can even see the w3wp process which is the IIS process running inside the container.

One note here is that this is only possible with Process isolation on Windows containers. Hyper-V containers won't have their processes shown on the host.