容器进程如何附加到 docker 中的 containerd-shim
[英]How container processes are attached to containerd-shim in docker
问题描述
When I execute a task within a container using docker exec , the newly spawned process is attached to containerd-shim with the other processes of this container which is the expected behavior.
当我使用docker exec在容器内执行任务时,新生成的进程与该容器的其他进程一起附加到containerd-shim ,这是预期的行为。 But I don't understand in detail how the newly spawned process can be attached to this process.但我不明白如何将新生成的进程附加到这个进程的细节。
EDIT : After some research, i understood that the process was actually spawned by runc then, using prctl(PR_SET_CHILD_SUBREAPER, 1);编辑:经过一些研究,我了解到该进程实际上是由 runc 产生的,然后使用prctl(PR_SET_CHILD_SUBREAPER, 1); it was possible to terminate runc and the process was attached to runc.可以终止 runc 并且该进程附加到 runc。 Yet, that does not explain how the process is "transferred" from my shell to this runc process attached to containerd-shim然而,这并没有解释这个进程是如何从我的 shell“转移”到这个附加到containerd-shim runc 进程的
For instance, if I spawn a process with sudo strace docker exec 104f931f77ee sleep 99 then I will have the following ps tree (simplified for clarity).例如,如果我使用sudo strace docker exec 104f931f77ee sleep 99生成一个进程,那么我将拥有以下 ps 树(为了清晰起见进行了简化)。
systemd,1
├─agetty,365 -o -p -- \\u --noclear tty1 linux
├─containerd,364
│ ├─containerd-shim,1858 -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/104f931f77eeb745451a47644e4997440a674697cef9a1a567b4edede960c68e -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
│ │ ├─bash,1875
│ │ ├─sleep,4769 10000000
│ │ ├─sleep,15504 99
│ │ └─{containerd-shim},1859, 1860, ...
│ └─{containerd},373, 374, ...
├─dockerd,366 -H fd:// --containerd=/run/containerd/containerd.sock
│ └─{dockerd},381, 382 ... 406
│
└─sshd,371 -D
└─sshd,565
└─sshd,582
└─zsh,583
└─sudo,15479 strace docker exec 104f931f77ee sleep 99
└─strace,15480 docker exec 104f931f77ee sleep 99
└─docker,15483 exec 104f931f77ee sleep 99
└─{docker},15485 to 15494
According to the strace of containerd-shim , this isn't due to containerd-shim directly as no systemcall is done when a container is attached to this process.根据containerd-shim的strace ,这不是直接由于containerd-shim造成的,因为当容器附加到此进程时没有进行系统调用。 (Since it is waken only when a container dies, not when it spawns) (因为它仅在容器死亡时被唤醒,而不是在它生成时)
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21192, si_uid=0, si_status=0, si_utime=1, si_stime=0} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21653, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
(See edit) This is especially weird since : (见编辑)这特别奇怪,因为:
You can not start a process as the child of the shell, and then "reparent" it so another process becomes it's parent.您不能将一个进程作为 shell 的子进程启动,然后“重新设置”它的父进程,以便另一个进程成为它的父进程。
So you need to use a parent process that explicitly starts the children.因此,您需要使用显式启动子进程的父进程。
Also, according to this strace there is no direct communication between the spawning process and the containerd-shim此外,根据此 strace,产卵过程和containerd-shim之间没有直接通信
sudo strace docker exec 104f931f77ee sleep 99
execve("/usr/bin/docker", ["docker", "exec", "104f931f77ee", "sleep", "99"], 0x7ffe39a39f60 /* 13 vars */) = 0
brk(NULL) = 0x5650f557d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146968, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332482e000
mmap(NULL, 132288, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f332480d000
mmap(0x7f3324813000, 61440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f3324813000
mmap(0x7f3324822000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f3324822000
mmap(0x7f3324828000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f3324828000
mmap(0x7f332482a000, 13504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f332482a000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324808000
mmap(0x7f3324809000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f3324809000
mmap(0x7f332480a000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480a000
mmap(0x7f332480b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480b000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260A\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1824496, ...}) = 0
mmap(NULL, 1837056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324647000
mprotect(0x7f3324669000, 1658880, PROT_NONE) = 0
mmap(0x7f3324669000, 1343488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f3324669000
mmap(0x7f33247b1000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16a000) = 0x7f33247b1000
mmap(0x7f33247fe000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f33247fe000
mmap(0x7f3324804000, 14336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3324804000
close(3) = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324644000
arch_prctl(ARCH_SET_FS, 0x7f3324644740) = 0
mprotect(0x7f33247fe000, 16384, PROT_READ) = 0
mprotect(0x7f332480b000, 4096, PROT_READ) = 0
mprotect(0x7f3324828000, 4096, PROT_READ) = 0
mprotect(0x5650f338d000, 27123712, PROT_READ) = 0
mprotect(0x7f3324860000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790) = 0
set_tid_address(0x7f3324644a10) = 15483
set_robust_list(0x7f3324644a20, 24) = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f33248136b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f3324813740, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL) = 0x5650f557d000
brk(0x5650f559e000) = 0x5650f559e000
sched_getaffinity(0, 8192, [0, 1, 2, 3, 4, 5]) = 64
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324604000
mmap(0xc000000000, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(0xc000000000, 67108864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3322604000
mmap(NULL, 2164736, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223f3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223e3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223d3000
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
sigaltstack(NULL, {ss_sp=NULL, ss_flags=SS_DISABLE, ss_size=0}) = 0
sigaltstack({ss_sp=0xc000002000, ss_flags=0, ss_size=32768}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
gettid() = 15483
rt_sigaction(SIGHUP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGILL, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTRAP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGABRT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGFPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1],
[...]
sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3321bd2000
mprotect(0x7f3321bd3000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33223d1fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33223d29d0, tls=0x7f33223d2700, child_tidptr=0x7f33223d29d0) = 15485
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33213d1000
mprotect(0x7f33213d2000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3321bd0fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3321bd19d0, tls=0x7f3321bd1700, child_tidptr=0x7f3321bd19d0) = 15486
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33203cf000
mprotect(0x7f33203d0000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3320bcefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3320bcf9d0, tls=0x7f3320bcf700, child_tidptr=0x7f3320bcf9d0) = 15488
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33137ff000
mprotect(0x7f3313800000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3313ffefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3313fff9d0, tls=0x7f3313fff700, child_tidptr=0x7f3313fff9d0) = 15489
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(NULL, 1439992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332026f000
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332022f000
readlinkat(AT_FDCWD, "/proc/self/exe", "/usr/bin/docker", 128) = 15
fcntl(0, F_GETFL) = 0x402 (flags O_RDWR|O_APPEND)
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
fcntl(1, F_GETFL) = 0x402 (flags O_RDWR|O_APPEND)
fcntl(2, F_GETFL) = 0x402 (flags O_RDWR|O_APPEND)
getpid() = 15483
newfstatat(AT_FDCWD, "/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}, 0) = 0
openat(AT_FDCWD, "/proc/stat", O_RDONLY|O_CLOEXEC) = 3
epoll_create1(EPOLL_CLOEXEC) = 4
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "cpu 2248 0 4821 3583425 1021 0 "..., 4096) = 1387
read(3, "", 2709) = 0
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc00021120c) = 0
close(3) = 0
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33201ef000
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
getrandom("\x5c\x6c\x6d\xbf\xd9\x2a\xf8\x4d", 8, 0) = 8
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so", 0xc000050788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so.1", 0xc000050858, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so", 0xc000050928, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so.1", 0xc0000509f8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libykcs11.so", 0xc000050ac8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/lib/libykcs11.so", 0xc000050b98, 0) = -1 ENOENT (No such file or directory)
capget({version=0 /* _LINUX_CAPABILITY_VERSION_??? */, pid=0}, NULL) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY|O_CLOEXEC) = 3
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "37\n", 11) = 3
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc000211d24) = 0
close(3) = 0
newfstatat(AT_FDCWD, "/usr/local/sbin/unpigz", 0xc0000512e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/unpigz", 0xc0000513b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/unpigz", 0xc000051488, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/unpigz", {st_mode=S_IFREG|0755, st_size=116944, ...}, 0) = 0
getpid() = 15483
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
uname({sysname="Linux", nodename="debiankvm", ...}) = 0
getuid() = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=510, ...}) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 510
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0003\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=55792, ...}) = 0
mmap(NULL, 83768, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f33201da000
mprotect(0x7f33201dd000, 40960, PROT_NONE) = 0
mmap(0x7f33201dd000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f33201dd000
mmap(0x7f33201e4000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f33201e4000
mmap(0x7f33201e7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f33201e7000
mmap(0x7f33201e9000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f33201e9000
close(3) = 0
mprotect(0x7f33201e7000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790) = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1394, ...}) = 0
read(3, "root:x:0:0:root:/root:/bin/zsh\nd"..., 4096) = 1394
close(3) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3311ffc000
mprotect(0x7f3311ffd000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33127fbfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33127fc9d0, tls=0x7f33127fc700, child_tidptr=0x7f33127fc9d0) = 15492
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
epoll_pwait(4, [], 128, 0, NULL, 8) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332018a000
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
epoll_pwait(4, [], 128, 0, NULL, 128) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c4c8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332017a000
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "/root/.docker/config.json", 0xc0004d9bd8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.dockercfg", 0xc0004d9ca8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/pass", 0xc0004d9d78, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/pass", 0xc0004d9e48, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/pass", 0xc0004d9f18, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/pass", 0xc000018038, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/pass", 0xc000018108, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/pass", 0xc0000181d8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/docker-credential-secretservice", 0xc0000182a8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/docker-credential-secretservice", 0xc000018378, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/docker-credential-secretservice", 0xc000018448, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/docker-credential-secretservice", 0xc000018518, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/docker-credential-secretservice", 0xc0000185e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/docker-credential-secretservice", 0xc0000186b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018858, 0) = -1 ENOENT (No such file or directory)
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e08b80, FUTEX_WAIT_PRIVATE, 0, {tv_sec=31, tv_nsec=999222248}^C) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
strace: Process 15483 detached
So, how is the container created with containerd-shim as a parent?那么,以containerd-shim为父级的容器是如何创建的呢?
Note: The question is not about why do containers need this architecture (I know that it allows the process that spawned the container to exit without disrupting it: the container can continue its execution detached from the shell).注意:问题不在于为什么容器需要这种架构(我知道它允许生成容器的进程在不中断它的情况下退出:容器可以继续其与外壳分离的执行)。 But how this can technically be done.但是这在技术上是如何做到的。
1 个解决方案
解决方案1
0 2021-01-19 03:12:03
you probably use strace without -f so it doesn't trace all threads.您可能使用不带-f strace ,因此它不会跟踪所有线程。 See details with man strace .使用man strace查看详细信息。
when you run docker exec , it doesn't run the command itself, but just sends the command to containerd and eventually containerd-shim starts the process.当您运行docker exec ,它不会运行命令本身,而只是将命令发送到containerd ,最终containerd-shim启动该过程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
仅使用 containerd(无 Docker)修剪容器镜像 - Prune container images with just containerd (w/o Docker)
如何获取Docker容器中运行的进程的内存使用情况? - How do I get memory usage of processes running in a Docker container?
在Docker容器中运行的多个httpd进程 - Multiple httpd processes running in Docker Container
使用 containerd 为容器创建同级进程 - Creating a sibling process to a container using containerd
Docker 容器连接到网络,网络检查显示没有容器 - Docker Container Attached to Network, Network Inspect Shows No Containers
是否可以让 docker 容器在没有附加前台进程的情况下继续运行 - Is it possible to let docker container keep running when no foreground process is attached
通过&&运行命令时docker容器中进程的PID - PID of processes in docker container when run commands via &&
如何在linux中列出附加到共享内存段的进程? - How to list processes attached to a shared memory segment in linux?
寻找 Docker 容器进程? (从主持人的角度来看) - Finding Docker container processes? (from host point of view)
为什么在docker容器内运行top只显示容器内的进程? - Why does running top inside docker container only show processes inside the container?
相关标签