docker和host之间的PID映射
[英]PID mapping between docker and host
问题描述
How docker namespace is different from Host namespace and how the pid can be mapped between these two? 
docker命名空间如何与Host命名空间不同以及如何在这两者之间映射pid? Can anyone give me an idea that helps to make easy way of mapping pid's between host n docker using source code? 任何人都可以给我一个想法,有助于使用源代码轻松地映射主机n docker之间的pid?
2 个解决方案
解决方案1
7 2017-02-02 18:41:33
You can find the mapping in /proc/PID/status file. 您可以在/proc/PID/status文件中找到映射。 It contains a line like: 它包含如下行:
NSpid: 16950 24
Which means that 16950 on the host is 24 inside the container. 这意味着主机上的16950在容器内是24 。
解决方案2
5 2015-10-25 20:40:04
As I mentioned in " Running docker securely ": 正如我在“ 安全地运行docker ”中提到的那样:
Currently, Docker uses five namespaces to alter processes view of the system: Process, Network, Mount, Hostname, Shared Memory.
The fact that, by default, as I mentioned in your previous question " Docker Namespace in kernel level " the container pid are isolated from the host (unless you run them with --pid host ) is by design. 默认情况下,正如我在上一个问题“ 内核级别的Docker命名空间 ”中提到的那样,容器pid与主机隔离(除非您使用--pid host运行它们)是设计的。
If you are using --pid=host , then those container pids are visible from the host, but not easily matched to a particular container, not until issue 10163 and --pid=container:id is resolved. 如果您使用的是--pid=host ,那么这些容器pid在主机中是可见的,但不容易与特定容器匹配,直到问题10163和--pid=container:id被解析。
Update May 2016: issue 10163 and --pid=container:id is actually resolved by PR 22481 for docker 1.12, allowing to join another container's PID namespace. 2016年5月更新: 问题10163和--pid=container:id实际上由PR 22481解决为docker 1.12,允许加入另一个容器的PID命名空间。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.