1. Run Commands Inside the Container’s Namespace
Every container runs in isolated namespaces. Use nsenter to "enter" these namespaces from the host:
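# Get the container’s PID (Docker example)
PID=$(docker inspect -f '{{.State.Pid}}' your_container)
# Inspect processes inside the container’s PID namespace.
# ps reads /proc, so the mount namespace (-m) is needed as well; with -p alone
# it lists the host's processes. With -m, ps is run from the container's filesystem.
sudo nsenter -p -m -t "$PID" ps aux
# Check network sockets in the container’s network namespace
sudo nsenter -n -t "$PID" ss -tnlp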
Replace ps or ss with any host-installed tool (e.g., tcpdump, strace).
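Not every container isolates every namespace (one started with host networking shares the host's network namespace, for instance), so it helps to check which nsenter flags actually change anything for a given PID. The script below is an added example, not part of the original post: it compares the /proc/<pid>/ns links of a target and a reference process and prints the flags for the namespaces that differ. The names ns_flags, make_sample_proc and PROC_ROOT are hypothetical, and the sample tree is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): list the nsenter flags for the
# namespaces a target process does NOT share with a reference process.
# PROC_ROOT is a hypothetical override so the logic can run against a
# constructed tree instead of the live /proc.
# Live use (assumption: run as root so /proc/1/ns is readable):
#   sudo nsenter -t "$PID" $(ns_flags "$PID" 1) <command>

ns_flags() {
    # usage: ns_flags TARGET_PID [REFERENCE_PID]
    local target="$1" ref="${2:-self}" root="${PROC_ROOT:-/proc}"
    local pair name flag t r out=""
    if [ ! -d "$root/$target/ns" ]; then
        echo "no such process: $target" >&2
        return 1
    fi
    # /proc/<pid>/ns/<name> paired with the matching nsenter short option
    for pair in mnt:-m uts:-u ipc:-i net:-n pid:-p user:-U cgroup:-C; do
        name="${pair%%:*}"
        flag="${pair#*:}"
        # Each entry is a symlink such as "net:[4026531840]"; identical link
        # text means both processes are in the same namespace.
        t=$(readlink "$root/$target/ns/$name" 2>/dev/null) || continue
        r=$(readlink "$root/$ref/ns/$name" 2>/dev/null) || continue
        if [ "$t" != "$r" ]; then
            out="$out $flag"
        fi
    done
    echo "${out# }"
}

# Constructed sample: PID 1 stands for the host, PID 4242 for a container
# that shares the host's net and user namespaces and isolates the rest.
make_sample_proc() {
    local dir name
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/1/ns" "$dir/4242/ns"
    for name in mnt uts ipc net pid user cgroup; do
        ln -s "$name:[4026531000]" "$dir/1/ns/$name"
        case "$name" in
            net|user) ln -s "$name:[4026531000]" "$dir/4242/ns/$name" ;;
            *)        ln -s "$name:[4026532999]" "$dir/4242/ns/$name" ;;
        esac
    done
    echo "$dir"
}
```

An empty result means the target shares every checked namespace with the reference process, so nsenter into it would show the same view as the host.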
2. Access Container Files via /proc
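The container’s root filesystem is reachable from the host at /proc/$PID/root:
# View container files (root is normally required to traverse another process's /proc/$PID/root)
sudo ls /proc/$PID/root/etc/nginx/
# Edit configs directly from the host
sudo vim /proc/$PID/root/app/config.yaml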