Hi!

It looks like when connecting to an existing docker container with `docker
exec` CONFIG_GRKERNSEC_PROC_USERGROUP (and probably
CONFIG_GRKERNSEC_PROC_USER too) hides processes started by `docker run`
from processes started by `docker exec` (all processes are running as
docker "root", docker daemon is started with default options, i.e. without
--userns-remap).

Why does this happen and is there any workaround?


$ sudo zgrep GRKERNSEC_PROC_USER /proc/config.gz
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y

$ docker run -d -it --rm --init alpine sh -c 'ps ax; exec sleep 42'
49bec4451495563d702ad0edb9a7c80a9a7f5918fab4eb67e5a44b803f3ac656

$ docker logs 49bec4451495
PID USER TIME COMMAND
1 root 0:00 /dev/init -- sh -c ps ax; exec sleep 42
7 root 0:00 sh -c ps ax; exec sleep 42
8 root 0:00 ps ax

$ docker exec -it 49bec4451495 ps ax
PID USER TIME COMMAND
9 root 0:00 ps ax

--
WBR, Alex.