Linux 如何确定进程是否在 lxc/Docker 中运行?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20010199/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to determine if a process runs inside lxc/Docker?
提问by Mate Varga
Is there any way to determine if a process (script) runs inside an lxc container (~ Docker runtime)? I know that some programs are able to detect whether they run inside a virtual machine, is something similar available for lxc/docker?
有没有办法确定进程(脚本)是否在 lxc 容器(~Docker 运行时)内运行?我知道有些程序能够检测它们是否在虚拟机内运行,lxc/docker 是否有类似的东西?
采纳答案by jpetazzo
The most reliable way is to check /proc/1/cgroup. It will tell you the control groups of the init process, and when you are notin a container, that will be /for all hierarchies. When you are insidea container, you will see the name of the anchor point. With LXC/Docker containers, it will be something like /lxc/<containerid>or /docker/<containerid>respectively.
最可靠的方法是检查/proc/1/cgroup。它会告诉您 init 进程的控制组,当您不在容器中时,它将/适用于所有层次结构。当您在容器内时,您将看到锚点的名称。对于 LXC/Docker 容器,它将类似于/lxc/<containerid>或/docker/<containerid>分别。
回答by creack
The easiest way would be to check the environment. If you have the container=lxcvariable, you are within a container.
最简单的方法是检查环境。如果你有container=lxc变量,你就在一个容器中。
Otherwise, if you are root, you can try to perform mknodor mountoperation, if it fails, you are most likely in a container with dropped capabilities.
否则,如果您是root,您可以尝试执行mknod或mount操作,如果失败,您很可能在一个已删除功能的容器中。
回答by at0S
Docker creates a .dockerenvfile at the root of the directory tree inside container.
You can run this script to verify
Docker.dockerenv在容器内目录树的根部创建一个文件。您可以运行此脚本来验证
#!/bin/bash
if [ -f /.dockerenv ]; then
echo "I'm inside matrix ;(";
else
echo "I'm living in real world!";
fi
MORE:Ubuntu actually has a bash script: /bin/running-in-containerand it actually can return the type of container it has been invoked in. Might be helpful.
Don't know about other major distros though.
更多:Ubuntu 实际上有一个 bash 脚本:/bin/running-in-container它实际上可以返回它被调用的容器类型。可能会有所帮助。不知道其他主要发行版。
回答by Martin Tajur
My answer only applies for Node.js processesbut may be relevant for some visitors who stumble to this question looking for a Node.js specific answer.
我的回答仅适用于Node.js 进程,但可能与一些偶然发现此问题以寻找 Node.js 特定答案的访问者相关。
I had the same problem and relying on /proc/self/cgroupI created an npm packagefor solely this purpose — to detect whether a Node.js process runs inside a Docker container or not.
我遇到了同样的问题,并依靠/proc/self/cgroup我创建了一个npm 包来专门用于这个目的——检测 Node.js 进程是否在 Docker 容器内运行。
The containerized npm modulewill help you out in Node.js. It is not currently tested in Io.js but may just as well work there too.
该集装箱NPM模块将帮助你在Node.js的 它目前没有在 Io.js 中测试过,但也可以在那里工作。
回答by larss
On a new ubuntu 16.04 system, new systemd & lxc 2.0
在新的 ubuntu 16.04 系统上,新的 systemd 和 lxc 2.0
sudo grep -qa container=lxc /proc/1/environ
回答by Founder
We use the proc's sched (/proc/$PID/sched) to extract the PID of the process. The process's PID inside the container will differ then it's PID on the host (a non-container system).
我们使用 proc 的 sched (/proc/$PID/sched) 来提取进程的 PID。容器内进程的 PID 将与主机(非容器系统)上的 PID 不同。
For example, the output of /proc/1/sched on a container will return:
例如,容器上 /proc/1/sched 的输出将返回:
root@33044d65037c:~# cat /proc/1/sched | head -n 1
bash (5276, #threads: 1)
While on a non-container host:
在非容器主机上:
$ cat /proc/1/sched | head -n 1
init (1, #threads: 1)
This helps to differentiate if you are in a container or not.
这有助于区分您是否在容器中。
回答by Govind Kailas
Docker is evolving day by day, so we can't say for sure if they are going to keep .dockerenv .dockerinitin the future.
Docker 每天都在发展,所以我们不能确定它们.dockerenv .dockerinit将来是否会保留 。
In most of the Linux flavours initis the first process to start. But in case of containers this is not true.
在大多数 Linux 版本中init是第一个启动的进程。但在容器的情况下,这不是真的。
#!/bin/bash
if ps -p1|grep -q init;then
echo "non-docker"
else
echo "docker"
fi
回答by oNaiPs
A concise way to check for docker in a bash script is:
在 bash 脚本中检查 docker 的简洁方法是:
#!/bin/bash
if grep docker /proc/1/cgroup -qa; then
echo I'm running on docker.
fi
回答by JJC
Handy Python function to check if running in Docker:
检查是否在 Docker 中运行的方便的 Python 函数:
def in_docker():
""" Returns: True if running in a Docker container, else False """
with open('/proc/1/cgroup', 'rt') as ifh:
return 'docker' in ifh.read()
回答by kaiwan
This SO Q&A: "Find out if the OS is running in a virtual environment"; though not the same as the OP's question, it does indeed answer common cases of finding which container you're in (if at all).
此 SO Q&A:“找出操作系统是否在虚拟环境中运行”;尽管与 OP 的问题不同,但它确实回答了查找您所在容器的常见情况(如果有的话)。
In particular, install and read the code of this bash script which seems to work pretty well:
特别是,安装并阅读这个 bash 脚本的代码,它似乎工作得很好:
virt-what:
虚拟什么:
sudo apt install virt-what
