[systemd-devel] How can I map PID between host and container?

Kyungmin Park kmpark at infradead.org
Sun Apr 26 19:18:30 PDT 2015


On Fri, Apr 24, 2015 at 12:36 AM, Mantas Mikulėnas <grawity at gmail.com> wrote:
> On Thu, Apr 23, 2015 at 6:25 PM, Lennart Poettering <lennart at poettering.net>
> wrote:
>>
>> The kernel doesn't have any nice userspace APIs to translate PIDs like
>> this, to my knowledge at least.
>>
>> That said, one can implement something like this by using the fact
>> that the kernel will translate user credentials that are sent via
>> AF_UNIX SCM_CREDENTIALS that pass through a PID namespace
>> boundary. hence, let's say you have one pid $n that identifies the
>> namespace you care about, and a container pid $a you want to translate
>> to host pid $b, then you'd create an AF_UNIX/SOCK_SEQPACKET
>> socketpair(), fork(), run setns() in the child to join the namespace
>> of $n, and send a single datagram to the parent with sendmsg(), while
>> explicitly specifying the SCM_CREDENTIALS auxiliary field with the $a
>> in it, and exit. In the parent you use recvmsg() to read that datagram
>> with its SCM_CREDENTIALS, and use the pid you see as $b. Vice versa,
>> if you want to translate the other way you would send the datagram the
>> other way.
>>
>> nasty? absolutely! (also, only available for privileged processes, due
>> to the setns() call).
>>
>> I am not aware of any nicer way.
>
>
> I think /proc/<pid>/status in current linux.git has additional fields for
> the process PIDs in all namespaces, so you could probably get the "outer"
> PID by looking at the container's /proc.

Good hint, but there's no such info in status in kernel 4.0,
but there's another field that has this information:

/proc/<pid>/sched.

Is that right? Do I need to check it in linux-next?

Thank you,
Kyungmin Park
>
> --
> Mantas Mikulėnas <grawity at gmail.com>
>
> On Thu, Apr 23, 2015 at 6:25 PM, Lennart Poettering <lennart at poettering.net>
> wrote:
>>
>> On Fri, 24.04.15 00:10, WaLyong Cho (walyong.cho at samsung.com) wrote:
>>
>> > Hello,
>> >
>> > I'm looking for a proper method to map PIDs between host and
>> > container.
>> >
>> > In the case of systemctl, if I know the pid in the container (let's call this pid_c)
>> > then I can find the pid as seen from the host (let's call this pid_h) by using
>> > "systemctl -M {container} pid_c" in the host shell. But I cannot find pid_c
>> > when I know pid_h by using "systemctl status pid_h".
>> >
>> > The former seems possible by parsing the machine cgroup.
>> > In the latter case, can we also find the pid_c?
>> >
>> > And is there any other method to map between those?
>> > For example, if I use lxc, then how do I find each pid? (lxc-ps?)
>> > According to my search, namespaces can give me some hints about this.
>> > I could not find more detail.
>> > Are there any proper libs or tools for this?
>>
>> The kernel doesn't have any nice userspace APIs to translate PIDs like
>> this, to my knowledge at least.
>>
>> That said, one can implement something like this by using the fact
>> that the kernel will translate user credentials that are sent via
>> AF_UNIX SCM_CREDENTIALS that pass through a PID namespace
>> boundary. hence, let's say you have one pid $n that identifies the
>> namespace you care about, and a container pid $a you want to translate
>> to host pid $b, then you'd create an AF_UNIX/SOCK_SEQPACKET
>> socketpair(), fork(), run setns() in the child to join the namespace
>> of $n, and send a single datagram to the parent with sendmsg(), while
>> explicitly specifying the SCM_CREDENTIALS auxiliary field with the $a
>> in it, and exit. In the parent you use recvmsg() to read that datagram
>> with its SCM_CREDENTIALS, and use the pid you see as $b. Vice versa,
>> if you want to translate the other way you would send the datagram the
>> other way.
>>
>> nasty? absolutely! (also, only available for privileged processes, due
>> to the setns() call).
>>
>> I am not aware of any nicer way.
>>
>> Lennart
>>
>> --
>> Lennart Poettering, Red Hat
>
>
>
>
> --
> Mantas Mikulėnas <grawity at gmail.com>
>
>
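
The SCM_CREDENTIALS translation described in the quoted reply, written out as an added example (not code from the thread or from systemd). The function names are hypothetical, and the helper forks a second time after setns() because joining a PID namespace only takes effect for children created afterwards.

```python
import ctypes
import os
import socket
import struct

CLONE_NEWPID = 0x20000000        # value from <sched.h>
UCRED = struct.Struct("iII")     # struct ucred { pid_t pid; uid_t uid; gid_t gid; }


def send_pid(sock, pid):
    """Send one datagram whose SCM_CREDENTIALS names `pid` (sender's namespace)."""
    cred = UCRED.pack(pid, os.getuid(), os.getgid())
    sock.sendmsg([b"x"], [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, cred)])


def recv_pid(sock):
    """Read the datagram; the kernel has renumbered the pid for the receiver's
    namespace (0 if that process is not visible here). None if nothing arrived."""
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return UCRED.unpack_from(data)[0]
    return None


def translate_pid(ns_path, pid_in_ns):
    """Map pid_in_ns, numbered in the PID namespace at ns_path (for example
    /proc/<n>/ns/pid), to the caller's numbering. Needs CAP_SYS_ADMIN."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    child = os.fork()
    if child == 0:
        status = 1
        try:
            fd = os.open(ns_path, os.O_RDONLY)
            libc = ctypes.CDLL(None, use_errno=True)
            if libc.setns(fd, CLONE_NEWPID) == 0:
                if os.fork() == 0:          # grandchild lives in the target namespace
                    send_pid(tx, pid_in_ns)
                status = 0
        finally:
            os._exit(status)                # never return into the caller's code
    tx.close()
    try:
        return recv_pid(rx)                 # None if the helper failed (EOF)
    finally:
        rx.close()
        os.waitpid(child, 0)
```

To translate in the other direction, the helper would receive and the caller would send, as the reply notes.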

