How to access Docker namespace?

Installing openssh-server in a container merely to get shell access is never recommended. Keep the container lightweight rather than adding layer after layer to the Docker image, because that affects the speed at which Docker containers work.

Today we are going to look at a tool called nsenter, which helps in accessing the container. nsenter is a small tool that lets you enter namespaces. Technically, it can enter existing namespaces, or spawn a process into a new set of namespaces.

Let’s try hands on with nsenter, starting with the installation of this tool.

~]# docker run -v /usr/local/bin:/target jpetazzo/nsenter
Unable to find image 'jpetazzo/nsenter:latest' locally
Pulling repository jpetazzo/nsenter
5b5e2a9ac1ed: Download complete
39bb80489af7: Download complete
df2a0347c9d0: Download complete
f1832acc3426: Download complete
583dc530ffc5: Download complete
d2e281974a6c: Download complete
1163cc921b8d: Download complete
ddce93d8b3b0: Download complete
e9517c1eb80c: Download complete
ff3960a5eba2: Download complete
b2679efcfacc: Download complete
c098590e3285: Download complete
5c95da16f5fc: Download complete
a573b1fe27d5: Download complete
cb98c725f79b: Download complete
a65dda0b4d00: Download complete
cd357b02e2c5: Download complete
b523f9bb0eb3: Download complete
919e39552773: Download complete
7d8d6f61f978: Download complete
Status: Downloaded newer image for jpetazzo/nsenter:latest
Installing nsenter to /target
Installing docker-enter to /target
Installing importenv to /target
[root@localhost ~]#

Let us find which containers are currently running:

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES

There is no container running. Let’s start a container:

[root@localhost ~]# docker run -it fd44297e2ddb /bin/bash
[root@10028f741e90 /]#
[root@localhost ~]#

Press Ctrl+P followed by Ctrl+Q to detach from the shell without stopping the container.

Verify that the container is running now:

[root@localhost ~]# docker ps
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS   NAMES
10028f741e90   centos:7   "/bin/bash"   6 seconds ago   Up 5 seconds           nostalgic_bohr

Run the command below to fetch the PID of the container's main process:

[root@localhost ~]# PID=$(docker inspect --format '{{.State.Pid}}' 10028f741e90)

Verify that the PID variable is set:

[root@localhost ~]# echo $PID
8480

Finally, run the nsenter utility on the host machine to enter the container's namespaces:

[root@localhost ~]# nsenter --target $PID --mount --uts --ipc --net --pid
[root@10028f741e90 /]#

There you go: you are now in the container's shell without any hiccups.
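Each of the five nsenter flags used above corresponds to a link under /proc/<pid>/ns, and a container process has its own namespace only where that link differs from the host's. The script below is an added example, not part of the original post: it lists the flags for the namespaces in which a container PID differs from PID 1, and rejects the PID of 0 that docker inspect reports for a container that is not running. The function names and the PROC_ROOT variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. PROC_ROOT is an assumption
# introduced here so the logic can also be run against a constructed tree.
# Reading /proc/1/ns/* on a real host requires root, as in the article.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Map a /proc/<pid>/ns entry name to the nsenter flag used in the article.
ns_flag() {
    case "$1" in
        mnt) echo "--mount" ;;
        uts) echo "--uts" ;;
        ipc) echo "--ipc" ;;
        net) echo "--net" ;;
        pid) echo "--pid" ;;
        *)   return 1 ;;
    esac
}

# Print the nsenter flags for every namespace in which process $1 differs
# from reference process $2 (default 1, the host's init).
ns_flags_for() {
    target=$1
    ref=${2:-1}
    # docker inspect reports .State.Pid as 0 when the container is not running.
    case "$target" in
        ''|*[!0-9]*|0)
            echo "invalid or stopped container PID: '$target'" >&2
            return 2 ;;
    esac
    [ -d "$PROC_ROOT/$target/ns" ] || { echo "no such process: $target" >&2; return 3; }
    flags=""
    for ns in mnt uts ipc net pid; do
        t=$(readlink "$PROC_ROOT/$target/ns/$ns") || continue
        r=$(readlink "$PROC_ROOT/$ref/ns/$ns") || continue
        # Each link reads like "net:[4026532201]"; equal text means same namespace.
        if [ "$t" != "$r" ]; then
            flags="$flags $(ns_flag "$ns")"
        fi
    done
    echo "${flags# }"
}
```

After sourcing the script on the host, `ns_flags_for "$PID"` prints the flags to pass to `nsenter --target "$PID"`; a container started with the host's network namespace, for instance, will not list `--net`.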
