[英]How container processes are attached to containerd-shim in docker
When I execute a task within a container using docker exec
, the newly spawned process is attached to containerd-shim
with the other processes of this container which is the expected behavior.当我使用docker exec
在容器内执行任务时,新生成的进程与该容器的其他进程一起附加到containerd-shim
,这是预期的行为。 But I don't understand in detail how the newly spawned process can be attached to this process.但我不明白如何将新生成的进程附加到这个进程的细节。
EDIT : After some research, i understood that the process was actually spawned by runc then, using prctl(PR_SET_CHILD_SUBREAPER, 1);
编辑:经过一些研究,我了解到该进程实际上是由 runc 产生的,然后使用prctl(PR_SET_CHILD_SUBREAPER, 1);
it was possible to terminate runc and the process was attached to runc.可以终止 runc 并且该进程附加到 runc。 Yet, that does not explain how the process is "transferred" from my shell to this runc process attached to containerd-shim
然而,这并没有解释这个进程是如何从我的 shell“转移”到这个附加到containerd-shim
runc 进程的
For instance, if I spawn a process with sudo strace docker exec 104f931f77ee sleep 99
then I will have the following ps tree (simplified for clarity).例如,如果我使用sudo strace docker exec 104f931f77ee sleep 99
生成一个进程,那么我将拥有以下 ps 树(为了清晰起见进行了简化)。
systemd,1
├─agetty,365 -o -p -- \\u --noclear tty1 linux
├─containerd,364
│ ├─containerd-shim,1858 -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/104f931f77eeb745451a47644e4997440a674697cef9a1a567b4edede960c68e -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
│ │ ├─bash,1875
│ │ ├─sleep,4769 10000000
│ │ ├─sleep,15504 99
│ │ └─{containerd-shim},1859, 1860, ...
│ └─{containerd},373, 374, ...
├─dockerd,366 -H fd:// --containerd=/run/containerd/containerd.sock
│ └─{dockerd},381, 382 ... 406
│
└─sshd,371 -D
└─sshd,565
└─sshd,582
└─zsh,583
└─sudo,15479 strace docker exec 104f931f77ee sleep 99
└─strace,15480 docker exec 104f931f77ee sleep 99
└─docker,15483 exec 104f931f77ee sleep 99
└─{docker},15485 to 15494
According to the strace
of containerd-shim
, this isn't due to containerd-shim
directly as no systemcall is done when a container is attached to this process.根据containerd-shim
的strace
,这不是直接由于containerd-shim
造成的,因为当容器附加到此进程时没有进行系统调用。 (Since it is waken only when a container dies, not when it spawns) (因为它仅在容器死亡时被唤醒,而不是在它生成时)
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21192, si_uid=0, si_status=0, si_utime=1, si_stime=0} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21653, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
(See edit) This is especially weird since : (见编辑)这特别奇怪,因为:
You can not start a process as the child of the shell, and then "reparent" it so another process becomes it's parent.您不能将一个进程作为 shell 的子进程启动,然后“重新设置”它的父进程,以便另一个进程成为它的父进程。
So you need to use a parent process that explicitly starts the children.因此,您需要使用显式启动子进程的父进程。
Also, according to this strace there is no direct communication between the spawning process and the containerd-shim
此外,根据此 strace,产卵过程和containerd-shim
之间没有直接通信
sudo strace docker exec 104f931f77ee sleep 99
execve("/usr/bin/docker", ["docker", "exec", "104f931f77ee", "sleep", "99"], 0x7ffe39a39f60 /* 13 vars */) = 0
brk(NULL) = 0x5650f557d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146968, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332482e000
mmap(NULL, 132288, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f332480d000
mmap(0x7f3324813000, 61440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f3324813000
mmap(0x7f3324822000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f3324822000
mmap(0x7f3324828000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f3324828000
mmap(0x7f332482a000, 13504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f332482a000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324808000
mmap(0x7f3324809000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f3324809000
mmap(0x7f332480a000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480a000
mmap(0x7f332480b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480b000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260A\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1824496, ...}) = 0
mmap(NULL, 1837056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324647000
mprotect(0x7f3324669000, 1658880, PROT_NONE) = 0
mmap(0x7f3324669000, 1343488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f3324669000
mmap(0x7f33247b1000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16a000) = 0x7f33247b1000
mmap(0x7f33247fe000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f33247fe000
mmap(0x7f3324804000, 14336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3324804000
close(3) = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324644000
arch_prctl(ARCH_SET_FS, 0x7f3324644740) = 0
mprotect(0x7f33247fe000, 16384, PROT_READ) = 0
mprotect(0x7f332480b000, 4096, PROT_READ) = 0
mprotect(0x7f3324828000, 4096, PROT_READ) = 0
mprotect(0x5650f338d000, 27123712, PROT_READ) = 0
mprotect(0x7f3324860000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790) = 0
set_tid_address(0x7f3324644a10) = 15483
set_robust_list(0x7f3324644a20, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f33248136b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f3324813740, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL) = 0x5650f557d000
brk(0x5650f559e000) = 0x5650f559e000
sched_getaffinity(0, 8192, [0, 1, 2, 3, 4, 5]) = 64
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324604000
mmap(0xc000000000, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(0xc000000000, 67108864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3322604000
mmap(NULL, 2164736, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223f3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223e3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223d3000
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
sigaltstack(NULL, {ss_sp=NULL, ss_flags=SS_DISABLE, ss_size=0}) = 0
sigaltstack({ss_sp=0xc000002000, ss_flags=0, ss_size=32768}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
gettid() = 15483
rt_sigaction(SIGHUP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGILL, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTRAP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGABRT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGFPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1],
[...]
sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3321bd2000
mprotect(0x7f3321bd3000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33223d1fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33223d29d0, tls=0x7f33223d2700, child_tidptr=0x7f33223d29d0) = 15485
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33213d1000
mprotect(0x7f33213d2000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3321bd0fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3321bd19d0, tls=0x7f3321bd1700, child_tidptr=0x7f3321bd19d0) = 15486
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33203cf000
mprotect(0x7f33203d0000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3320bcefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3320bcf9d0, tls=0x7f3320bcf700, child_tidptr=0x7f3320bcf9d0) = 15488
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33137ff000
mprotect(0x7f3313800000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3313ffefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3313fff9d0, tls=0x7f3313fff700, child_tidptr=0x7f3313fff9d0) = 15489
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(NULL, 1439992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332026f000
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332022f000
readlinkat(AT_FDCWD, "/proc/self/exe", "/usr/bin/docker", 128) = 15
fcntl(0, F_GETFL) = 0x402 (flags O_RDWR|O_APPEND)
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
fcntl(1, F_GETFL) = 0x402 (flags O_RDWR|O_APPEND)
fcntl(2, F_GETFL) = 0x402 (flags O_RDWR|O_APPEND)
getpid() = 15483
newfstatat(AT_FDCWD, "/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}, 0) = 0
openat(AT_FDCWD, "/proc/stat", O_RDONLY|O_CLOEXEC) = 3
epoll_create1(EPOLL_CLOEXEC) = 4
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "cpu 2248 0 4821 3583425 1021 0 "..., 4096) = 1387
read(3, "", 2709) = 0
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc00021120c) = 0
close(3) = 0
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33201ef000
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
getrandom("\x5c\x6c\x6d\xbf\xd9\x2a\xf8\x4d", 8, 0) = 8
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so", 0xc000050788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so.1", 0xc000050858, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so", 0xc000050928, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so.1", 0xc0000509f8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libykcs11.so", 0xc000050ac8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/lib/libykcs11.so", 0xc000050b98, 0) = -1 ENOENT (No such file or directory)
capget({version=0 /* _LINUX_CAPABILITY_VERSION_??? */, pid=0}, NULL) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY|O_CLOEXEC) = 3
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "37\n", 11) = 3
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc000211d24) = 0
close(3) = 0
newfstatat(AT_FDCWD, "/usr/local/sbin/unpigz", 0xc0000512e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/unpigz", 0xc0000513b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/unpigz", 0xc000051488, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/unpigz", {st_mode=S_IFREG|0755, st_size=116944, ...}, 0) = 0
getpid() = 15483
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
uname({sysname="Linux", nodename="debiankvm", ...}) = 0
getuid() = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=510, ...}) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 510
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0003\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=55792, ...}) = 0
mmap(NULL, 83768, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f33201da000
mprotect(0x7f33201dd000, 40960, PROT_NONE) = 0
mmap(0x7f33201dd000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f33201dd000
mmap(0x7f33201e4000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f33201e4000
mmap(0x7f33201e7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f33201e7000
mmap(0x7f33201e9000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f33201e9000
close(3) = 0
mprotect(0x7f33201e7000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1394, ...}) = 0
read(3, "root:x:0:0:root:/root:/bin/zsh\nd"..., 4096) = 1394
close(3) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3311ffc000
mprotect(0x7f3311ffd000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33127fbfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33127fc9d0, tls=0x7f33127fc700, child_tidptr=0x7f33127fc9d0) = 15492
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
epoll_pwait(4, [], 128, 0, NULL, 8) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332018a000
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
epoll_pwait(4, [], 128, 0, NULL, 128) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c4c8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332017a000
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "/root/.docker/config.json", 0xc0004d9bd8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.dockercfg", 0xc0004d9ca8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/pass", 0xc0004d9d78, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/pass", 0xc0004d9e48, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/pass", 0xc0004d9f18, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/pass", 0xc000018038, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/pass", 0xc000018108, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/pass", 0xc0000181d8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/docker-credential-secretservice", 0xc0000182a8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/docker-credential-secretservice", 0xc000018378, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/docker-credential-secretservice", 0xc000018448, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/docker-credential-secretservice", 0xc000018518, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/docker-credential-secretservice", 0xc0000185e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/docker-credential-secretservice", 0xc0000186b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018858, 0) = -1 ENOENT (No such file or directory)
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e08b80, FUTEX_WAIT_PRIVATE, 0, {tv_sec=31, tv_nsec=999222248}^C) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
strace: Process 15483 detached
So, how is the container created with containerd-shim
as a parent?那么,以containerd-shim
为父级的容器是如何创建的呢?
Note: The question is not about why do containers need this architecture (I know that it allows the process that spawned the container to exit without disrupting it: the container can continue its execution detached from the shell).注意:问题不在于为什么容器需要这种架构(我知道它允许生成容器的进程在不中断它的情况下退出:容器可以继续其与外壳分离的执行)。 But how this can technically be done.但是这在技术上是如何做到的。
you probably use strace
without -f
so it doesn't trace all threads.您可能使用不带-f
strace
,因此它不会跟踪所有线程。 See details with man strace
.使用man strace
查看详细信息。
when you run docker exec
, it doesn't run the command itself, but just sends the command to containerd
and eventually containerd-shim
starts the process.当您运行docker exec
,它不会运行命令本身,而只是将命令发送到containerd
,最终containerd-shim
启动该过程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.