3

There is a utility called nsenter in ubuntu. nsenter is a small tool allowing to enter into namespaces. It will enter into your docker container. I want to control the host machine from the docker container. How do I connect the host machine from the container using the nsenter utility?

Ashok Kumar
  • 105
  • 2
  • 8
  • Hi @Ashok Kumar, does the answer from the Fritz Duchardt answer your question? If yes, please consider [accepting it](https://stackoverflow.com/help/someone-answers). – Mikolaj S. Nov 09 '21 at 17:42
  • Seems like ```docker exec -it CONTAINER_NAME /bin/bash``` is a superior way for such task compare to ```nsenter```. Ref: https://github.com/jpetazzo/nsenter – Gleichmut Apr 27 '23 at 08:51

1 Answers1

5

nsenter allows you to join the Linux namespaces of a targeted process id (PID).

First, run a container that shares your hosts PID namespace with --pid=host. The container has to be privileged with --privileged, otherwise executing nsenter will fail with an "Operation not permitted" error. The container is kept running indefinitely by executing tail -f /dev/null.

docker run --pid=host --privileged --name admin-container ubuntu:latest tail -f /dev/null

Then exec into the container with nsenter, entering the file system, ipc, utc and network namespace of the host machine's very first init process (PID = 1):

docker exec -it admin-container nsenter --target 1 --mount --uts --ipc --net /bin/bash

Have a look around and you will notice, you are on the host machine.

Fritz Duchardt
  • 11,026
  • 4
  • 41
  • 60