[Lxc-users] mapping host PID <-> container PID

Tue May 3 15:58:39 UTC 2011

Quoting Greg Kurz (gkurz at fr.ibm.com):
> On Thu, 2011-04-28 at 09:41 -0500, Serge Hallyn wrote:
> > Quoting Ulli Horlacher (framstag at rus.uni-stuttgart.de):
> > > 
> > > Is there a way to get the corresponding host PID for a container PID?
> > > 
> > > For example: inside the the container the process "init" has always PID 1.
> > > But what PID has this process in the host process table?
> > > 
> > > ps aux | grep ... is not what I am looking for, I want more robust solution.
> > 
> > There is nothing that gives you a 100% guaranteed correct race-free
> > correspondence right now.  You can look under /proc/<pid>/root/proc/ to
> > see the pids valid in the container, and you can relate output of
> > lxc-ps --forest to ps --forest output.  But nothing under /proc that I
> > know of tells you "this task is the same as that task".  You can't
> > even look at /proc/<pid> inode numbers since they are different
> > filesystems for each proc mount.
> > 
> > It's tempting to say that we should put a per-task unique id under
> > /proc/<pid> for each task.  However that would likely be nacked because
> > it introduces a new namespace of its own.
> > 
> 
> An alternative could be to expose the container pid
> in /proc/<pid>/status. Could such a patch make it to mainline ?

Potentially.  With the seccomp+ftrace patchset there was some pushback
against adding its info to /proc/pid/status, but that tossed potentially
much more info in (a list of filters).

Anyway, if there is is a complaint about that with this patch, then
we can just find somewhere else to put it.

The nice thing about this is that it avoids introducing a new namespace -
Since we should only see this value for or own or child pid namespaces,
and those will be preserved accross c/r, this is actually a safe thing
to export.

So let's try to push this

Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Thanks, Greg.

-serge

> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -337,6 +337,12 @@ static void task_cpus_allowed(struct seq_file *m,
> struct task_struct *task)
>  	seq_putc(m, '\n');
>  }
>  
> +static void task_vpid(struct seq_file *m, struct task_struct *task)
> +{
> +	struct pid_namespace *ns = task_active_pid_ns(task);
> +	seq_printf(m, "Vpid:\t%d\n", ns ? task_pid_nr_ns(task, ns) : 0);
> +}
> +
>  int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
>  			struct pid *pid, struct task_struct *task)
>  {
> @@ -354,6 +360,7 @@ int proc_pid_status(struct seq_file *m, struct
> pid_namespace *ns,
>  	task_cpus_allowed(m, task);
>  	cpuset_task_status_allowed(m, task);
>  	task_context_switch_counts(m, task);
> +	task_vpid(m, task);
>  	return 0;
>  }
> 
> Signed-off-by: Greg Kurz <gkurz at fr.ibm.com>
> 
> 