Max Koretskyi
Reputation: 105547
Why I don't see the namespace related to running docker container
I know I can use nsenter to execute host machine program, e.g. netstat, inside the running docker container like this:
sudo nsenter -t namespace_id -n netstat -putan
but for that I first need to figure out that namespace id.
I'm supposed to be able to do it like this:
# get container top level process id
$ docker inspect -f '{{.State.Pid}}' container_id
# use it to find the namespace id
$ lsns -t container_top_level_process_id
but when I do that lsns -t ... gives me empty output. What could be the reason for that? Is it possible that running the container through docker copmose somehow affects this?
Upvotes: -2
Views: 759
Answers (1)
larsks
Reputation: 312390
but for that I first need to figure out that namespace id.
No you don't; using the -t argument to nsenter you only need the PID of a process in the namespace. From the nsenter` man page:
`-t`, `--target` *PID*
Specify a target process to get contexts from. The paths to the contexts specified by pid are:
So once you have the main process pid:
pid=$(docker inspect -f '{{.State.Pid}}' container_id)
You can use that directly with nsenter:
nsenter -t $pid -n netstat -tln
Upvotes: 3
Related Questions
- Copying files from Docker container to host
- Cannot connect to the Docker daemon at unix:/var/run/docker.sock. Is the docker daemon running?
- How to copy files from host to Docker container?
- What is the difference between a Docker image and a container?
- How to keep Docker container running after starting services?
- How to see docker image contents
- From inside of a Docker container, how do I connect to the localhost of the machine?
- Docker: any way to list open sockets inside a running docker container?
- How to get a Docker container's IP address from the host
- What is the runtime performance cost of a Docker container?