如何检查进程是否在docker容器内运行? [英] How to check if a process is running inside docker container?

问题描述

[Updated1] 我有一个 shell，它会改变某些函数中的 TCP 内核参数，但现在我需要让这个 shell 在 Docker 容器中运行，这意味着，shell 需要知道它正在容器内运行并停止配置内核.

现在我不确定如何实现，这是容器内 /proc/self/cgroup 的内容:

9:hugetlb:/8:perf_event:/7:blkio:/6:冷冻室:/5:设备:/4:记忆:/3:cpuacct:/2:cpu:/docker/25ef774c390558ad8c4e9a859​​0b6a1956231aae404d6a7aba4dde320ff569b8b1:cpuset:/

我可以使用上面的任何标志来确定此进程是否在容器内运行?

[Updated2]:我还注意到 确定进程是否运行在 lxc/Docker 中，但在这种情况下似乎不起作用，我容器的 /proc/1/cgroup 中的内容是:

8:perf_event:/7:blkio:/6:冷冻室:/5:设备:/4:记忆:/3:cpuacct:/2:cpu:/docker/25ef774c390558ad8c4e9a859​​0b6a1956231aae404d6a7aba4dde320ff569b8b1:cpuset:/

没有/lxc/containerid

解决方案

检查 Docker 容器内部是否在 Docker 容器内可以通过 /proc/1/cgroup 完成.正如这篇文章所建议的，您可以执行以下操作:>

在 docker 容器外，/proc/1/cgroup 中的所有条目都以 / 结尾，如下所示:

vagrant@ubuntu-13:~$ cat/proc/1/cgroup11:name=systemd:/10:hugetlb:/9:perf_event:/8:blkio:/7:冷冻室:/6:设备:/5:记忆:/4:cpuacct:/3:CPU:/2:cpuset:/

在 Docker 容器内，一些控制组将属于 Docker(或 LXC):

vagrant@ubuntu-13:~$ docker run busybox cat/proc/1/cgroup11:name=systemd:/10:hugetlb:/9:perf_event:/8:blkio:/7:冷冻室:/6:设备:/docker/3601745b3bd54d9780436faa5f0e4f72bb46231663bb99a6bb892764917832c25:记忆:/4:cpuacct:/3:cpu:/docker/3601745b3bd54d9780436faa5f0e4f72bb46231663bb99a6bb892764917832c22:cpuset:/

[Updated1] I have a shell which will change TCP kernel parameters in some functions, but now I need to make this shell run in Docker container, that means, the shell need to know it is running inside a container and stop configuring the kernel.

Now I'm not sure how to achieve that, here is the contents of /proc/self/cgroup inside the container:

9:hugetlb:/
8:perf_event:/
7:blkio:/
6:freezer:/
5:devices:/
4:memory:/
3:cpuacct:/
2:cpu:/docker/25ef774c390558ad8c4e9a8590b6a1956231aae404d6a7aba4dde320ff569b8b
1:cpuset:/

Any flags above can I use to figure out if this process is running inside a container?

[Updated2]: I have also noticed Determining if a process runs inside lxc/Docker, but it seems not working in this case, the content in /proc/1/cgroup of my container is:

8:perf_event:/
7:blkio:/
6:freezer:/
5:devices:/
4:memory:/
3:cpuacct:/
2:cpu:/docker/25ef774c390558ad8c4e9a8590b6a1956231aae404d6a7aba4dde320ff569b8b
1:cpuset:/

No /lxc/containerid

解决方案

To check inside a Docker container if you are inside a Docker container or not can be done via /proc/1/cgroup. As this post suggests you can to the following:

Outside a docker container all entries in /proc/1/cgroup end on / as you can see here:

vagrant@ubuntu-13:~$ cat /proc/1/cgroup
11:name=systemd:/
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:freezer:/
6:devices:/
5:memory:/
4:cpuacct:/
3:cpu:/
2:cpuset:/

Inside a Docker container some of the control groups will belong to Docker (or LXC):

vagrant@ubuntu-13:~$ docker run busybox cat /proc/1/cgroup
11:name=systemd:/
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:freezer:/
6:devices:/docker/3601745b3bd54d9780436faa5f0e4f72bb46231663bb99a6bb892764917832c2
5:memory:/
4:cpuacct:/
3:cpu:/docker/3601745b3bd54d9780436faa5f0e4f72bb46231663bb99a6bb892764917832c2
2:cpuset:/

这篇关于如何检查进程是否在docker容器内运行?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！