[lxc-users] Getting GID, UID of container process from container host

[Shailendra Rana]

I believe NSpid is available from Linux 4.1 version onward.
man7.org/linux/man-pages/man5/proc.5.html

Thanks,
Shailendra




On 31 January 2018 at 14:33, Shailendra Rana
<shailendra.rana1982 at gmail.com> wrote:
> Hi,
>
> I do not see NSpid field in status file.
>
> # cat /proc/14307/status | grep -i ns
>
> I am running a docker container.
> docker -v
> Docker version 1.12.1, build 23cf638
>
> Thanks,
> Shailendra
>
> On 31 January 2018 at 02:09, Stéphane Graber <stgraber at ubuntu.com> wrote:
>> On Tue, Jan 30, 2018 at 10:19:12PM +0530, Shailendra Rana wrote:
>>> Hi,
>>>
>>> Is there a way we can get the PID/GID/UID of a container process using
>>> the host  PID/GID/UID of that container process ? Basically mapping of
>>> host PID/GID/UID to container PID/GID/UID.
>>>
>>> Thanks,
>>> Shailendra
>>
>> It's technically doable, yes, but not particularly enjoyable :)
>>
>> stgraber at castiana:~$ ls -lh /proc/ | grep 8261
>> dr-xr-xr-x  9          1000000          1000000    0 Jan 30 15:33 8261
>> stgraber at castiana:~$ cat /proc/8261/status | grep -i ns
>> NStgid: 8261    1
>> NSpid:  8261    1
>> NSpgid: 8261    1
>> NSsid:  8261    1
>> stgraber at castiana:~$ cat /proc/8261/uid_map
>>          0    1000000 1000000000
>> stgraber at castiana:~$ cat /proc/8261/gid_map
>>          0    1000000 1000000000
>>
>>
>> In this case, host PID 8261 is PID 1 in the container as can be found in
>> the status file. For the owner, you need to read the uid and gid map,
>> then do the math.
>>
>> In this case, the map says that uid 0 in the container is uid 1000000 on
>> the host. The gid map is the same, so that means that this process is
>> running as uid=0 gid=0 in the container.
>>
>> --
>> Stéphane Graber
>> Ubuntu developer
>> http://www.ubuntu.com
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users