0

I've read quite a lot about how docker works using cgroups and namespaces. If that's correct the host should be able to see all the processes and filesystem tree that is used by the docker container. However I seem to be unable to figure it out.

Could someone show it with docker v1.12.6 and a running "nginx" container?

Optional: Is it possible to still access the files of already exited containers the same way?

PS, GraphDriver looks like this:

"GraphDriver" : { "Name" : "aufs", "Data" : null },
Improve this question

2 Answers 2

Reset to default
1

You can copy files from docker using docker cp command then you can access it.That will be simplest way to access files from exited container,too.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I can use this as a workaround, but it's not a solution. If I docker cp a file that doesn't exist it will error that it can't lstat the file with the full host path. That works fine as a workaround, but I'd still like to figure out the real version. Anyways, thumbs up because with that I can continue coding. Thanks!
1

When running on the host that the docker daemon runs on, you can run (as root);

Start an nginx container

docker run -d nginx

View all processes that are running, hierarchically

ps auxf

which shows all processes, including the nginx container you just started;

root 3810 0.9 3.2 387460 67308 ? Ssl 11:31 0:12 /usr/bin/dockerd -H fd:// root 3819 0.1 0.6 291624 14028 ? Ssl 11:31 0:01 \_ docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc root 4241 0.0 0.3 143872 6652 ? Sl 11:49 0:00 \_ docker-containerd-shim 1d3a6c65ac59e61c165d1f0119915a43e4d0387fd8432723f16b1ef2aa966522 /var/run/docker/libcontainerd/1d3a6c65ac59e61c165d1f0119915a43e4d0387fd8432723f16b1ef2aa966522 docker-runc root 4277 0.0 0.2 31872 5280 ? Ss 11:49 0:00 \_ nginx: master process nginx -g daemon off; syslog 4304 0.0 0.1 32260 2904 ? S 11:49 0:00 \_ nginx: worker process

container's filesystem

The storage location for container filesystems depend on the storage driver you're using. In your case the layers of images, and (writable) layers of containers are kept in /var/lib/docker/aufs. However, those files should not be messed with directly. You can use

  • docker cp to copy files from/to a container (even an exited container)
  • docker export to export the container's filesystem to a tar archive
  • docker commit a container to an image
Improve this answer

2 Comments

These are the processes, but not the files. For instance the ´/etc/nginx/nginx.confthat the nginx`process uses inside the container.
Sorry, was confused by your question "host should be able to see all the processes and filesystem tree". Added more information about the container's filesystem location. Note that volumes are not stored on the container's filesystem, but in a separate location

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.