Spread the love


It is never recommended to install openssh-server on the container for just mere shell access. It is always suggested to keep your container lightweight rather than dumping layer after layer to Docker image. That affects the speed on which Docker containers work.

Today we are going to look at a tool called nsenter which helps in accessing the container.nsenter is a small tool allowing to enter into namespaces. Technically, it can enter existing namespaces, or spawn a process into a new set of namespaces.

Let’s try hands on with nsenter, starting with the installation of this tool.

~]# docker run -v /usr/local/bin:/target jpetazzo/nsenter
Unable to find image ‘jpetazzo/nsenter:latest’ locally
Pulling repository jpetazzo/nsenter
5b5e2a9ac1ed: Download complete
39bb80489af7: Download complete
df2a0347c9d0: Download complete
f1832acc3426: Download complete
583dc530ffc5: Download complete
d2e281974a6c: Download complete
1163cc921b8d: Download complete
ddce93d8b3b0: Download complete
e9517c1eb80c: Download complete
ff3960a5eba2: Download complete
b2679efcfacc: Download complete
c098590e3285: Download complete
5c95da16f5fc: Download complete
a573b1fe27d5: Download complete
cb98c725f79b: Download complete
a65dda0b4d00: Download complete
cd357b02e2c5: Download complete
b523f9bb0eb3: Download complete
919e39552773: Download complete
7d8d6f61f978: Download complete
Status: Downloaded newer image for jpetazzo/nsenter:latest
Installing nsenter to /target
Installing docker-enter to /target
Installing importenv to /target
[root@localhost ~]#
Let us find what containers are running currently:

[root@localhost ~]# docker ps

There is no container running. Let’s start a container:
[root@localhost ~]# docker run -it fd44297e2ddb /bin/bash [root@10028f741e90 /]#
[root@localhost ~]#

Press Ctrl P + Q to come out of the shell without stopping the container.

Verify that the container is running now:

[root@localhost ~]# docker ps
10028f741e90 centos:7 “/bin/bash” 6 seconds ago Up 5 seconds

Run the below command to fetch the PID for the container

[root@localhost ~]# PID=$(docker inspect –format {{.State.Pid}} 10028f741e90)

Verify if the PID variable is effective:

[root@localhost ~]# echo $PID

Finally run the nsenter utility on the host machine to access the namespace:

[root@localhost ~]# nsenter –target $PID –mount –uts –ipc –net –pid
[root@10028f741e90 /]#

Here you go, entered into container shell without any hiccups.

Spread the love
Categories: Docker

Ajeet Raina

My name is Ajeet Singh Raina and I am an author of this blogging site. I am a Docker Captain, ARM Innovator & Docker Bangalore Community Leader. I bagged 2 special awards last year(2019): Firstly, “The Tip of Captain’s Hat Award” at Dockercon 2019, San Francisco, and secondly, “2019 Docker Community Award“. I run Collabnix Community Slack with over 5300+ audience . I have built popular GITHUB repositories like DockerLabs, KubeLabs, Kubetools, RedisPlanet Terraform etc. with the support of Collabnix Community. Currently working as Developer Relations Manager at Redis Labs where I help customers and community members adopt Redis. With over 12,000+ followers over LinkedIn & close to 5100+ twitter followers, I like sharing Docker and Kubernetes related content . You can follow me on Twitter(@ajeetsraina) & GitHub(@ajeetraina)


Leave a Reply

Your email address will not be published. Required fields are marked *

Join Collabnix SlackIt's 100% FREE!

Get chance to chat with 5500+ DevOps Engineers !