Docker进程显示在主机进程列表中 [英] Docker Processes Shown on Host Process List

问题描述

我正在使用docker设置一个Selenium服务器，基本上是从主机上运行的单个监视器进程运行在所有容器内的进程。

I was setting up a Selenium server using docker, basically following this github tutorial.

I have no problem setting up the server, but I noticed that the processes that I started inside the docker image actually got shown up on my host process list.

As you can see in the screen shot, the docker ran a bash script and also executed a jar file, which I assume should only happen inside the box. Does this mean the user from the host could possibly kill a certain process outside the container which will totally screw up the world inside the box?

When I stopped the container, all the processes went away as I expected.

Is this the way Docker is designed for.. and the flawed isolation is what you have to accept in trade for the lightweight comparing with Virtualbox/Vagrant... or I am doing anything wrong?

Thanks!

解决方案

Yes, this is as intended. Notice that the processes are started by root, so a user with root privileges can kill them, but a user with root privileges can do worse than that (e.g., uninstall docker o_O)...

This "flawed" isolation actually has some great benefits, like the ability to monitor the processes running inside all your containers from a single monitor process running on the host machine.

这篇关于Docker进程显示在主机进程列表中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！