Before Linux Kernel v4, I was able to obtain the host PID from inside the docker container from the process scheduling information.

For instance, if I run the sleep command inside the container and my local PID is 37, then I can check the actual PID on the host via:

```
root@helloworld-595777cb8b-gjg4j:/# head /proc/37/sched
sleep (27062, #threads: 1)
```

I can verify on the host that the PID 27062 corresponds to the process within the container.

```
root      27062  0.0  0.0   4312   352 pts/0    S    16:29   0:00 sleep 3000
```

I have tried this on RHEL7 (Kernel: Linux 3.10) with Docker version: 17.09.0-ce.

I am not able to reproduce the same result on RHEL8 (Kernel: Linux 4.18) with Docker version: 20.10. In fact, I always get the local PID from the scheduling information.

```
/ # head /proc/8/sched
sleep (8, #threads: 1)
```

I might be wrong, but my assumption is that something has changed within the kernel which forbids obtaining the host PID?

So the question is how to obtain the host PID from within the container?

Muzammil
  • You can try this `for i in $(docker container ls --format "{{.ID}}"); do docker inspect -f '{{.State.Pid}} {{.Name}}' $i; done` – DreamBold Nov 24 '22 at 17:42
  • @DreamBold OP wants to do this from *within the container*. – Marco Bonelli Nov 24 '22 at 18:39
  • Can you connect to the instance running? `docker exec -it your-container-id /bin/bash` ? Then you can use regular ubuntu commands to check the process id – DreamBold Nov 24 '22 at 18:43
  • You should not be able to obtain the host PID from within the container. That's what a container is intended for. If you want, you can start the container with `--pid=host` to use the same PID namespace, but then you would not have different PIDs for processes inside the container. – Marco Bonelli Nov 24 '22 at 19:20
  • Thanks @MarcoBonelli. I know same PID namespace is a solution but I like to avoid that. – Muzammil Nov 25 '22 at 09:16
  • @DreamBold Yes, I can connect to the container and execute the commands to retrieve the pid. But the pid is always the local pid from inside the container. But I want to know the actual pid on the host. This was possible before Linux 4. – Muzammil Nov 25 '22 at 09:18
  • `docker inspect -f '{{.State.Pid}}' ` Did you try this command? – DreamBold Nov 25 '22 at 09:21
  • @DreamBold I need to know the host pid from __within__ the container, and not from the host. – Muzammil Nov 25 '22 at 09:43
  • I am not sure what you mean, running `ps -a` or `ps aux` on the console of the container doesn't work for you? – DreamBold Nov 25 '22 at 09:46
  • @DreamBold I think you are not understanding the concept of [PID namespaces](https://manned.org/pid_namespaces.7), which is essentially what creates OP's problem, making host PIDs and container PIDs different. – Marco Bonelli Nov 25 '22 at 11:50

1 Answer

The bug (or "feature" if you prefer) that allowed the host PID to be discovered from /proc/PID/sched in the container was fixed (or "broken" if you prefer) in Linux kernel 4.14 by commit 74dc3384fc79 ("sched/debug: Use task_pid_nr_ns in /proc/$pid/sched").

As a result of the change, the container cannot get the host PID of a process (at least via /proc/PID/sched) if PID namespaces are in use.

Ian Abbott
  • That's very useful information. Thanks. Do you have a suggestion to find a workaround apart from running into the same PID namespace? – Muzammil Nov 25 '22 at 16:42
  • @Muzammil I think any workaround would be considered to be a bug by the kernel maintainers. – Ian Abbott Nov 25 '22 at 17:44
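
An added example, not part of the original question or answer: a shell check that compares a process's own PID with the PID in its `/proc/PID/sched` header, to tell whether a kernel still shows the pre-4.14 behaviour described in the answer. The function names are illustrative, and the two sample headers are constructed from the outputs quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original thread); function names are illustrative.

# Extract the PID from a /proc/<pid>/sched header line such as
#   "sleep (27062, #threads: 1)"
# The greedy ".*" skips any parentheses inside the command name.
sched_header_pid() {
    printf '%s\n' "$1" |
        sed -n 's/^.*(\([0-9][0-9]*\), #threads: [0-9][0-9]*)[[:space:]]*$/\1/p'
}

# Compare the PID a process sees for itself with the PID in the sched header.
#   match    - header is namespace-local (behaviour since 4.14, or the process
#              already runs in the host PID namespace, e.g. --pid=host)
#   mismatch - header shows a PID from another namespace (pre-4.14 behaviour)
#   unparsed - header is not in the expected format
sched_pid_status() {
    local_pid=$1
    header_pid=$(sched_header_pid "$2")
    if [ -z "$header_pid" ]; then
        echo unparsed
    elif [ "$header_pid" = "$local_pid" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Run the same check against the current shell's own /proc entry.
check_self() {
    if [ -r "/proc/$$/sched" ]; then
        sched_pid_status "$$" "$(head -n 1 "/proc/$$/sched")"
    else
        echo unavailable   # file absent or unreadable on this system
    fi
}

# Constructed sample headers, based on the two outputs in the question.
sched_pid_status 37 'sleep (27062, #threads: 1)'   # RHEL7, kernel 3.10
sched_pid_status 8  'sleep (8, #threads: 1)'       # RHEL8, kernel 4.18
check_self
```

A `match` result alone does not prove the fix is present, since a process in the host PID namespace sees the same PID in both places.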