From the host:
ps aux | grep java
me@my-host:~/elastic-search-group$ ps aux | grep java
smmsp 20473 106 6.3 4664740 257368 ? Ssl 17:48 0:09 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Des.path.home=/usr/share/elasticsearch -cp /usr/share/elasticsearch/lib/elasticsearch-2.3.4.jar:/usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch start
Then exec into the container:
docker exec -it 473 /bin/bash
And look at the processes:
root@473c4548b06f:/usr/share/elasticsearch# ps aux | grep java
elastic+ 1 14.0 6.3 4671936 257372 ? Ssl 17:48 0:10 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Djna.nosys=true -Des.path.home=/usr/share/elasticsearch -cp /usr/sh
From the host:
sudo kill -9 20473
ends up killing the docker container.
Now, I may be mistaken, but I thought there was complete process segregation? Is this supposed to bleed out to the host?
The ps aux command is a tool to monitor processes running on your Linux system. A process is associated with any program running on your system, and is used to manage and monitor a program's memory usage, processor time, and I/O resources.
As was mentioned, if you are already inside a container, then just use the ps -eaf command to see the running processes. By the way, it is recommended to have one user application / process per container.
Yes, this is quite normal: the PID inside the container, or at least the main PID, will always be 1. But since Docker uses the kernel on the host, and not its own, you will see it in the ps command on the host.
The container is isolated from the host; the host is not isolated from the container. So from the host, you can see the files, network connections, network interfaces, processes, etc., that are used inside the container. But from the container, you can only see what's in the container (barring any privilege escalation configured in the run command).
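The two PIDs in the question (20473 on the host, 1 in the container) belong to the same process, and the kernel records both on the NSpid line of /proc/<pid>/status (Linux 4.1 and later). The following is an added example, not part of the original question or answers; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a host PID to its PID inside nested PID namespaces.
# The "NSpid:" line lists the PID in each namespace the process belongs to:
# leftmost is the namespace of the procfs mount being read (the host here),
# rightmost is the process's own, innermost namespace (the container).

# nspid_chain STATUS_FILE -> the PIDs on the NSpid line, space separated
nspid_chain() {
    awk '$1 == "NSpid:" { for (i = 2; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n") }' "$1"
}

# innermost_pid STATUS_FILE -> the PID the process sees for itself
innermost_pid() {
    nspid_chain "$1" | awk '{ print $NF }'
}

# in_child_pidns STATUS_FILE -> exit 0 if the process is in a nested PID namespace
in_child_pidns() {
    depth=$(awk '$1 == "NSpid:" { print NF - 1 }' "$1")
    # Kernels without NSpid give no line; treat that as a single namespace.
    [ "${depth:-1}" -gt 1 ]
}

# describe STATUS_FILE -> one-line summary of the host/container PID mapping
describe() {
    outer=$(nspid_chain "$1" | awk '{ print $1 }')
    if in_child_pidns "$1"; then
        echo "host pid $outer is pid $(innermost_pid "$1") in a nested PID namespace"
    else
        echo "pid ${outer:-unknown} is not in a nested PID namespace"
    fi
}

# Constructed sample: host PID 20473 and container PID 1 are from the question,
# the remaining fields are made up.
sample_status() {
    printf 'Name:\tjava\nPid:\t20473\nPPid:\t20455\nNSpid:\t20473\t1\n'
}

tmp=$(mktemp)
sample_status > "$tmp"
describe "$tmp"
rm -f "$tmp"
```

On a live host, run describe /proc/20473/status with the host-side PID. If the last value is 1, the process is the container's init process, which is why killing it from the host stopped the container.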