9

In Docker releases previous to v0.9.0, you could attach(inject) a process into a container by using lxc-attach. For example:

docker run -d ubuntu:12.04
docker inspect {{containerhash}} | grep ID
// "ID": "d846ae242838de66f12414fbc8807acb3c77778bdb81babab7115261f4242284"
sudo lxc-attach -n d846ae242838de66f12414fbc8807acb3c77778bdb81babab7115261f4242284 -- /bin/bash

This no longer works because of the 0.9.0 switch to libcontainer.

How can we do this via libcontainer?

There is an option to switch to lxc with a startup option, but I'd like to know how this can be accomplished via libcontainer.

jmar
  • 452
  • 2
  • 14
  • Look at all my answer on the subject. I always recommend against lxc-attach because of this :). However, it is still possible with nsinit – creack Mar 11 '14 at 23:44

1 Answers1

9

Check if you have the nsenter tool. It should be in the util-linux package, after version 2.23. Note: unfortunately, Debian and Ubuntu still ship with util-linux 2.20.

If you have nsenter, it's relatively easy. First, find the PID of the first process of the container (actually, any PID will do, but this is just easier and safer):

PID=$(docker inspect --format '{{.State.Pid}}' my_container_id)

Then, enter like this:

nsenter --target $PID --mount --uts --ipc --net --pid

Voilà! Note, however, that nsenter won't honor capabilities.

If you don't have nsenter (e.g. if you are using Debian or Ubuntu, or your distro has too old util-linux), you can download util-linux and compile it. I have a nsenter binary, maybe I can upload it to the Docker registry if that could help anyone.

Another option is to use nsinit, a helper tool for libcontainer. I don't think that there is a lot of documentation for nsinit since it's very new, but check https://asciinema.org/a/8090 for an example. You will need a Go build environment.

jpetazzo
  • 14,874
  • 3
  • 43
  • 45