PID mapping between docker and host
As I mentioned in "Running docker securely":
Currently, Docker uses five namespaces to alter processes view of the system: Process, Network, Mount, Hostname, Shared Memory.
The fact that, by default, as I mentioned in your previous question "Docker Namespace in kernel level", the container PIDs are isolated from the host (unless you run them with --pid host) is by design.
If you are using --pid=host, then those container PIDs are visible from the host, but not easily matched to a particular container, not until issue 10163 and --pid=container:id is resolved.
Update May 2016: issue 10163 and --pid=container:id is actually resolved by PR 22481 for docker 1.12, allowing you to join another container's PID namespace.
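An added example, not part of the original answer: one way to match a host PID to its container from the host side is to read the container ID from /proc/<pid>/cgroup and the per-namespace PIDs from the NSpid line of /proc/<pid>/status (Linux 4.1 and later). The helper names and the sample /proc contents are constructed for illustration, and the cgroup path patterns assume Docker's cgroupfs and systemd cgroup drivers.

```python
import re

# 64-hex container ID as it appears in Docker cgroup paths (assumed layouts:
# cgroupfs driver "/docker/<id>", systemd driver "docker-<id>.scope").
_CID = re.compile(r"(?:/docker/|docker-)([0-9a-f]{64})")

def container_id(cgroup_text):
    """Return the container ID found in /proc/<pid>/cgroup text, or None."""
    for line in cgroup_text.splitlines():
        parts = line.split(":", 2)  # hierarchy-id:controllers:path
        if len(parts) == 3:
            match = _CID.search(parts[2])
            if match:
                return match.group(1)
    return None

def ns_pids(status_text):
    """Return the NSpid values from /proc/<pid>/status, outermost namespace first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []

def map_pid(status_text, cgroup_text):
    """Combine both files into host PID, in-container PID and container ID."""
    pids = ns_pids(status_text)
    return {
        "container": container_id(cgroup_text),
        "host_pid": pids[0] if pids else None,
        # Only present when the process lives in a nested PID namespace.
        "container_pid": pids[-1] if len(pids) > 1 else None,
    }

def map_live_pid(pid):
    """Same mapping for a live process; run on the Docker host."""
    with open(f"/proc/{pid}/status") as s, open(f"/proc/{pid}/cgroup") as c:
        return map_pid(s.read(), c.read())

# Constructed sample data (not captured from a real host).
CID = "ab12" * 16
ISOLATED_STATUS = "Name:\tnginx\nPid:\t4242\nNSpid:\t4242\t1\n"
PIDHOST_STATUS = "Name:\tnginx\nPid:\t5150\nNSpid:\t5150\n"  # --pid=host case
V1_CGROUP = f"12:pids:/docker/{CID}\n11:memory:/docker/{CID}\n"
V2_CGROUP = f"0::/system.slice/docker-{CID}.scope\n"
HOST_CGROUP = "0::/system.slice/sshd.service\n"
```

With --pid=host the NSpid line carries a single value, so there is no separate in-container PID, but the cgroup path still identifies the owning container.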