DEV Community

Mark Nefedov

Debugging Containers Without Shell Access: Quick Tips

1. Run Commands Inside the Container’s Namespace

Every container runs in isolated namespaces. Use nsenter to "enter" these namespaces from the host:

# Get the container’s PID (Docker example)
PID=$(docker inspect -f '{{.State.Pid}}' your_container)

# Inspect processes inside the container’s PID namespace.
# ps reads /proc, so -p alone would still list host processes through the
# host's /proc; unshare mounts a private /proc that matches the entered namespace.
sudo nsenter -p -t "$PID" unshare -m --mount-proc ps aux

# Check network sockets in the container’s network namespace
sudo nsenter -n -t "$PID" ss -tnlp

Replace ps or ss with any host-installed tool (e.g., tcpdump, strace).

2. Access Container Files via /proc

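/proc/$PID/root is a link to the container process's root directory as that process sees it, so the container's files are reachable from the host (as root) without entering its mount namespace:

# View container files
sudo ls "/proc/$PID/root/etc/nginx/"

# Edit configs directly from the host
sudo vim "/proc/$PID/root/app/config.yaml"

When a path under /proc/$PID/root passes through an absolute symlink, the host resolves the link target against the host's own root, so check with ls -l before editing files in a container you do not trust.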

Why This Works

https://www.man7.org/linux/man-pages/man7/namespaces.7.html
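
The namespaces a process belongs to are exposed as symlinks under /proc/<pid>/ns/, and two processes share a namespace when the link targets match. The script below is an added example, not code from the original post: it compares a target PID against a reference PID (PID 1 on the host is the assumed reference) and prints the nsenter options for the namespaces that actually differ. The function names ns_diff, isolated_flags and nsenter_flag are hypothetical.

```bash
# Added example (not from the original post). Compares /proc/<pid>/ns/* links
# to find the namespaces a target process does not share with a reference.
# The proc root is a parameter so the logic can be run on a constructed tree.

# Map a namespace type to the nsenter option that enters it.
nsenter_flag() {
  case "$1" in
    mnt) f=-m ;; uts) f=-u ;; ipc) f=-i ;; net) f=-n ;;
    pid) f=-p ;; user) f=-U ;; cgroup) f=-C ;; time) f=-T ;;
    *) return 1 ;;   # e.g. pid_for_children, time_for_children
  esac
  printf '%s\n' "$f"
}

# ns_diff PROC_ROOT REF_PID TARGET_PID
# One line per namespace: "<type> <shared|isolated> <nsenter flag> <target id>"
ns_diff() {
  local proc=$1 ref=$2 target=$3 link type flag a b state
  for link in "$proc/$target"/ns/*; do
    [ -L "$link" ] || continue
    type=${link##*/}
    flag=$(nsenter_flag "$type") || continue
    a=$(readlink "$proc/$ref/ns/$type") || continue   # reference lacks this type
    b=$(readlink "$link") || continue
    if [ "$a" = "$b" ]; then state=shared; else state=isolated; fi
    printf '%s %s %s %s\n' "$type" "$state" "$flag" "$b"
  done
}

# isolated_flags PROC_ROOT REF_PID TARGET_PID
# Prints only the options for namespaces that differ, space separated.
isolated_flags() {
  ns_diff "$@" | awk '$2 == "isolated" { printf "%s%s", sep, $3; sep = " " }'
}

# Usage on a real host, as root (reading /proc/1/ns needs privileges):
#   isolated_flags /proc 1 "$PID"
```

A namespace reported as shared (for example net when the container was started with --network host) means the matching nsenter option shows nothing beyond what the host already sees.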
