
Can I run host commands with docker container environment?

Many docker images have no base commands such as ifconfig, ip, ps, etc. So I would like to find a way to run host commands in a docker container environment so that I don't need to copy/pack every command into the docker image.

I know a command, ip netns exec [ns] ifconfig, which can run the command ifconfig in a new network namespace. Is there a similar way for a docker container?

This question misses the fact that the kernel does not have a notion of a "container" - from its standpoint, the container is a set of different abstractions (different namespaces, cgroups, etc.). Having enough rights on the host, you can manage these abstractions independently (e.g. enter any single namespace of the container, or a couple of them). That said, the full answer to the question depends on what "execute the host's binary in the container" means (do you want to execute this binary in all namespaces of the container, or only in the significant ones, which influence the result you want to obtain?).

Technically, you can execute an arbitrary host binary inside the container's namespaces (except for the mnt namespace) without copying or mounting this binary into the container's filesystem. Depending on what you are trying to achieve, it may or may not solve your problem.

For example, doing some ip stuff after entering only the net namespace of the container will probably give you the expected result:

$ sudo nsenter -t $CONTAINERIZED_PROCESS_PID -n ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
33: eth0@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0

The command from the host gets executed in the container's network namespace and shows its network interfaces correctly.

Or you can get the correct container hostname by executing the hostname binary inside the container's UTS namespace:

$ sudo nsenter -t $CONTAINERIZED_PROCESS_PID -u hostname
d65269ecf908

However, doing ps after entering the pid namespace of the container will not give you the list of the container's processes, but rather the list of all processes you are able to see from the host, because ps takes the information from /proc, so to see the correct set of processes you have to enter the container's mnt namespace (which in turn will make you unable to run the host binaries, because you will no longer see them).

That said, it really depends on what you want to execute and what you want to get as a result.
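The following script is an added example and is not part of the answer above. It wraps the nsenter approach from the answer in a small helper that resolves a container to its init PID via docker inspect and enters only the namespaces you name, and it adds a /proc-only way to list a container's processes from the host without entering its mnt namespace (which addresses the ps caveat above): every process whose /proc/<pid>/ns/pid link points at the same inode is in the same pid namespace. The function names, the container name "web" and the use of sudo are assumptions of this example.

```shell
#!/bin/sh
# Added example: run host binaries in selected container namespaces,
# and list a container's processes from the host side using only /proc.

# Resolve a Docker container name or ID to the PID of its init process.
# Assumes the docker CLI is installed and the caller may inspect containers.
container_pid() {
    docker inspect --format '{{.State.Pid}}' "$1"
}

# Translate namespace type names into nsenter flags.
# Usage: nsenter_flags net uts   -> prints "-n -u"
# Unknown names are rejected so a typo cannot silently enter fewer namespaces.
nsenter_flags() {
    flags=""
    for ns in "$@"; do
        case "$ns" in
            net) flags="$flags -n" ;;
            uts) flags="$flags -u" ;;
            pid) flags="$flags -p" ;;
            ipc) flags="$flags -i" ;;
            mnt) flags="$flags -m" ;;
            *) echo "unknown namespace type: $ns" >&2; return 1 ;;
        esac
    done
    echo "${flags# }"
}

# Run a host binary inside selected namespaces of a container.
# Usage: run_in_container web net -- ip link
run_in_container() {
    pid=$(container_pid "$1") || return 1
    shift
    nslist=""
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        nslist="$nslist $1"
        shift
    done
    [ "$1" = "--" ] && shift
    # word splitting of $nslist and $flags is intended here
    flags=$(nsenter_flags $nslist) || return 1
    sudo nsenter -t "$pid" $flags "$@"
}

# List every PID visible to the caller that shares namespace type $2
# (pid, net, uts, ...) with process $1, by comparing /proc/<pid>/ns/<type>
# inodes. Run on the host with the container's init PID, this yields the
# container's processes without entering its mnt namespace.
ns_peers() {
    target=$(readlink "/proc/$1/ns/$2") || return 1
    for d in /proc/[0-9]*; do
        p=${d#/proc/}
        [ "$(readlink "$d/ns/$2" 2>/dev/null)" = "$target" ] && echo "$p"
    done
}
```

With a container named web, `run_in_container web net -- ip link` reproduces the first command in the answer, and `ns_peers "$(container_pid web)" pid` prints the host-side PIDs of everything running in that container, which is the list ps could not give you when only the pid namespace was entered.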
