How to know a process is running under docker?

Question

I may be asking a very beginner level question but I need a way to distinguish process under docker and that under non-docker in a box. The 'ps' command command output gives me a feeling that process is running in linux box and cannot confirm if same is under hood of docker.

In the same context is it possible / feasible that process under docker be started with docker root file system.

Is the same feasible or there any other solution for same?

Answer 1

You can identify Docker process via the process tree on the Docker host (or on the VM if using docker for mac/windows)

The parent process to 2924(haproxy) is 2902
The parent process to 2902(haproxy-start) is 2881
2881 will be docker-container which is managed by a dockerd process

To view your process listing in a tree format use ps -ejH or pstree (available in the psmisc package)

To get a quick list of whats running under dockerd

/ # pstree $(pgrep dockerd)
dockerd-+-docker-containe-+-docker-containe-+-java---17*[{java}]
        |                 |                 `-8*[{docker-containe}]
        |                 |-docker-containe-+-sinopia-+-4*[{V8 WorkerThread}]
        |                 |                 |         |-{node}
        |                 |                 |         `-4*[{sinopia}]
        |                 |                 `-8*[{docker-containe}]
        |                 |-docker-containe-+-node-+-4*[{V8 WorkerThread}]
        |                 |                 |      `-{node}
        |                 |                 `-8*[{docker-containe}]
        |                 |-docker-containe-+-tinydns
        |                 |                 `-8*[{docker-containe}]
        |                 |-docker-containe-+-dnscache
        |                 |                 `-8*[{docker-containe}]
        |                 |-docker-containe-+-apt-cacher-ng
        |                 |                 `-8*[{docker-containe}]
        |                 `-20*[{docker-containe}]
        |-2*[docker-proxy---6*[{docker-proxy}]]
        |-docker-proxy---5*[{docker-proxy}]
        |-2*[docker-proxy---4*[{docker-proxy}]]
        |-docker-proxy---8*[{docker-proxy}]
        `-28*[{dockerd}]

Show the parents of a PID (-s)

/ # pstree -aps 3744 
init,1      
  `-dockerd,1721 --pidfile=/run/docker.pid -H unix:///var/run/docker.sock --swarm-default-advertise-addr=eth0
      `-docker-containe,1728 -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim ...
          `-docker-containe,3711 8d923b3235eb963b735fda847b745d5629904ccef1245d4592cc986b3b9b384a...
              `-java,3744 -Dzookeeper.log.dir=. -Dzookeeper.root.logger=INFO,CONSOLE -cp/zookeeper/bin/../build/cl
                  |-{java},4174
                  |-{java},4175
                  |-{java},4176
                  |-{java},4177
                  |-{java},4190
                  |-{java},4208
                  |-{java},4209
                  |-{java},4327
                  |-{java},4328
                  |-{java},4329
                  |-{java},4330
                  |-{java},4390
                  |-{java},4416
                  |-{java},4617
                  |-{java},4625
                  |-{java},4629
                  `-{java},4632

Show all children of docker, including namespace changes (-S):

/ # pstree -apS $(pgrep dockerd) 
dockerd,1721 --pidfile=/run/docker.pid -H unix:///var/run/docker.sock --swarm-default-advertise-addr=eth0
  |-docker-containe,1728 -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim ...
  |   |-docker-containe,3711 8d923b3235eb963b735fda847b745d5629904ccef1245d4592cc986b3b9b384a...
  |   |   |-java,3744,ipc,mnt,net,pid,uts -Dzookeeper.log.dir=. -Dzookeeper.root.logger=INFO,CONSOLE -cp/zookeeper/bin/../build/cl
  |   |   |   |-{java},4174
  |   |   |   |-{java},4175
  |   |   |   |-{java},4629
  |   |   |   `-{java},4632
  |   |   |-{docker-containe},3712
  |   |   `-{docker-containe},4152
  |   |-docker-containe,3806 49125f8274242a5ae244ffbca121f354c620355186875617d43876bcde619732...
  |   |   |-sinopia,3841,ipc,mnt,net,pid,uts                                                           
  |   |   |   |-{V8 WorkerThread},4063
  |   |   |   |-{V8 WorkerThread},4064
  |   |   |   |-{V8 WorkerThread},4065
  |   |   |   |-{V8 WorkerThread},4066
  |   |   |   |-{node},4062
  |   |   |   |-{sinopia},4333
  |   |   |   |-{sinopia},4334
  |   |   |   |-{sinopia},4335
  |   |   |   `-{sinopia},4336
  |   |   |-{docker-containe},3814
  |   |   `-{docker-containe},4038
  |   |-docker-containe,3846 2a756d94c52d934ba729927b0354014f11da6319eff4d35880a30e72e033c05d...
  |   |   |-node,3910,ipc,mnt,net,pid,uts lib/dnsd.js
  |   |   |   |-{V8 WorkerThread},4204
  |   |   |   |-{V8 WorkerThread},4205
  |   |   |   |-{V8 WorkerThread},4206
  |   |   |   |-{V8 WorkerThread},4207
  |   |   |   `-{node},4203

Answer 2

The command lxc-ls and the command lxc-ps may be installable on your Linux distribution. This will allow you to list the running LXC containers and the processes running within those containers respectively. You should be able to link the output from lxc-ls to lxc-ps using streams and get a list of all containerized processes.

The big caveat is that you specified Docker and not every Docker instance is running on LXC nor is it necessarily a localhost process. Docker defines an API that can be called to list remote Docker instances, so this technique will not help with enumerating processes on remote machines as well.