[systemd-devel] How can I map PID between host and container?

Mantas Mikulėnas grawity at gmail.com
Thu Apr 23 08:36:45 PDT 2015


On Thu, Apr 23, 2015 at 6:25 PM, Lennart Poettering <lennart at poettering.net>
wrote:
>
> The kernel doesn't have any nice userspace APIs to translate PIDs like
> this, to my knowledge at least.
>
> That said, one can implement something like this by using the fact
> that the kernel will translate user credentials that are sent via
> AF_UNIX SCM_CREDENTIALS that pass through a PID namespace
> boundary. Hence, let's say you have one pid $n that identifies the
> namespace you care about, and a container pid $a you want to translate
> to host pid $b, then you'd create an AF_UNIX/SOCK_SEQPACKET
> socketpair(), fork(), run setns() in the child to join the namespace
> of $n, and send a single datagram to the parent with sendmsg(), while
> explicitly specifying the SCM_CREDENTIALS auxiliary field with the $a
> in it, and exit. In the parent you use recvmsg() to read that datagram
> with its SCM_CREDENTIALS, and use the pid you see as $b. Vice versa,
> if you want to translate the other way you would send the datagram the
> other way.
>
> Nasty? Absolutely! (Also, only available for privileged processes, due
> to the setns() call).
>
> I am not aware of any nicer way.
>

I think /proc/<pid>/status in current linux.git has additional fields for
the process PIDs in all namespaces, so you could probably get the "outer"
PID by looking at the container's /proc.

-- 
Mantas Mikulėnas <grawity at gmail.com>

On Thu, Apr 23, 2015 at 6:25 PM, Lennart Poettering <lennart at poettering.net>
wrote:

> On Fri, 24.04.15 00:10, WaLyong Cho (walyong.cho at samsung.com) wrote:
>
> > Hello,
> >
> > I'm looking for a proper method to map PIDs between host and
> > container.
> >
> > In case of systemctl, if I know the pid in the container (let's call this
> > pid_c) then I can find the pid as seen by the host (let's call this pid_h)
> > by using "systemctl -M {container} pid_c" in the host shell. But I cannot
> > find pid_c when I know pid_h by using "systemctl status pid_h".
> >
> > The former seems possible by parsing machine cgroup.
> > In the latter case, can we also find the pid_c?
> >
> > And is there any other method to map between those?
> > For example, if I use lxc, how do I find each pid? (lxc-ps?)
> > According to my search, namespaces can give me some hints about this.
> > I could not find more detail.
> > Are there any proper libs or tools for this?
>
> The kernel doesn't have any nice userspace APIs to translate PIDs like
> this, to my knowledge at least.
>
> That said, one can implement something like this by using the fact
> that the kernel will translate user credentials that are sent via
> AF_UNIX SCM_CREDENTIALS that pass through a PID namespace
> boundary. Hence, let's say you have one pid $n that identifies the
> namespace you care about, and a container pid $a you want to translate
> to host pid $b, then you'd create an AF_UNIX/SOCK_SEQPACKET
> socketpair(), fork(), run setns() in the child to join the namespace
> of $n, and send a single datagram to the parent with sendmsg(), while
> explicitly specifying the SCM_CREDENTIALS auxiliary field with the $a
> in it, and exit. In the parent you use recvmsg() to read that datagram
> with its SCM_CREDENTIALS, and use the pid you see as $b. Vice versa,
> if you want to translate the other way you would send the datagram the
> other way.
>
> Nasty? Absolutely! (Also, only available for privileged processes, due
> to the setns() call).
>
> I am not aware of any nicer way.
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
>



-- 
Mantas Mikulėnas <grawity at gmail.com>
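
A sketch of the /proc-based lookup suggested in this reply, as an added example that is not part of the original thread. It assumes a kernel (Linux 4.1 or later) whose /proc/<pid>/status carries the NSpid field and that the host's /proc is being read; the function names and the sample status text are constructed for illustration.

```python
import os

# Constructed sample of /proc/<pid>/status as read on the host (not real output).
SAMPLE_STATUS = "Name:\tsshd\nPid:\t4177\nNSpid:\t4177\t42\n"

def parse_nspid(status_text):
    """PIDs of one process, outermost namespace first; [] if the field is absent."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "NSpid":
            return [int(p) for p in value.split()]
    return []

def pid_namespace(pid, proc_root="/proc"):
    # Symlink target looks like "pid:[4026532201]"; equal targets mean same namespace.
    return os.readlink(os.path.join(proc_root, str(pid), "ns", "pid"))

def read_chain(pid, proc_root="/proc"):
    with open(os.path.join(proc_root, str(pid), "status")) as f:
        return parse_nspid(f.read())

def host_to_container(pid_h, proc_root="/proc"):
    """pid_h -> pid_c: the last NSpid entry is the PID in the innermost namespace."""
    chain = read_chain(pid_h, proc_root)
    return chain[-1] if chain else None

def container_to_host(ns_pid, pid_c, proc_root="/proc"):
    """pid_c -> pid_h, where host PID ns_pid names the container's PID namespace."""
    target = pid_namespace(ns_pid, proc_root)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            if pid_namespace(entry, proc_root) != target:
                continue
            chain = read_chain(entry, proc_root)
        except OSError:
            continue  # process exited mid-scan, or we lack permission to inspect it
        if chain and chain[-1] == pid_c:
            return int(entry)
    return None

if __name__ == "__main__":
    print(parse_nspid(SAMPLE_STATUS))   # [4177, 42]
    print(host_to_container(os.getpid()))
```

Reading /proc/<pid>/ns/pid for other users' processes needs privilege, and a PID can be recycled between the lookup and its use, so re-check the namespace link before acting on the result.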