When reprinting, please credit the source: http://blog.csdn.net/yeasy/article/details/41694797
Anyone familiar with Linux knows that containers are just processes isolated with namespaces, and that Docker builds its containers on technology Linux itself provides.
Sometimes we need to operate on a container from the host. Of course, bypassing Docker like this is not recommended.
With a newer version of Docker, you will find that using the system commands directly is awkward: they cannot access the container's namespace.
First, a brief introduction to the ip netns family of commands, which manage network namespaces in the operating system.
To begin, use the add command to create a temporary network namespace:
$ ip netns add test
Then use the show command to list the network namespaces on the system; you will see the test namespace you just created.
$ ip netns show
test
Another useful command is exec, which runs a command inside the given namespace. For example:
$ ip netns exec test ifconfig
Use the del command to delete the test namespace you just created.
$ ip netns del test
Next, run a Docker container, for example:
$ docker run -it ubuntu
Run ip netns show again. Unfortunately, there is no output this time.
The reason is that Docker still creates a new namespace when it launches the container, identified by the process ID, but in newer versions the namespace information file on the system is deleted by default.
Network namespace files live under /var/run/netns; for the test namespace we created earlier, there is a file named test in this directory. System commands such as ip netns rely on these files to obtain information about namespaces.
After the container is started, look at this directory and you will find nothing.
OK, let's rebuild it manually.
First, use the following command to get the container's process ID, for example 1234 here.
$ docker inspect --format='{{.State.Pid}}' $container_id
1234
Next, link the corresponding network namespace file under the /proc directory (which holds all the information about each process) into /var/run/netns:
$ ln -s /proc/1234/ns/net /var/run/netns/1234
You can then view or enter the container's namespace with the normal system commands. For example:
$ ip netns show
1234
$ ip netns exec 1234 ifconfig eth0 172.16.0.10/16 ...
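The manual linking step above, wrapped with the checks an operator would want before touching /var/run/netns. This is an added example, not code from the original post: the function names expose_netns and prune_netns_links and the PROC_ROOT/NETNS_DIR variables are hypothetical, and it goes one step beyond the article by also removing links left dangling once the container process has exited.

```shell
#!/bin/sh
# Added example (not from the original post). PROC_ROOT and NETNS_DIR are
# hypothetical overrides so the functions can be exercised without root;
# their defaults are the paths used in the article.
PROC_ROOT="${PROC_ROOT:-/proc}"
NETNS_DIR="${NETNS_DIR:-/var/run/netns}"

# expose_netns PID [NAME]: link a process's network namespace so that
# `ip netns` can see it. NAME defaults to the PID, as in the article.
expose_netns() {
    pid="$1"
    name="${2:-$1}"
    # Accept only a plain decimal PID. docker inspect reports Pid 0 for a
    # container that is not running, so 0 is rejected as well.
    case "$pid" in
        ''|*[!0-9]*|0) echo "invalid pid: '$pid'" >&2; return 2 ;;
    esac
    # NAME becomes a file name under NETNS_DIR: no slashes, no dot entries.
    case "$name" in
        ''|*/*|.|..) echo "invalid name: '$name'" >&2; return 2 ;;
    esac
    src="$PROC_ROOT/$pid/ns/net"
    if [ ! -e "$src" ] && [ ! -L "$src" ]; then
        echo "no network namespace for pid $pid" >&2; return 1
    fi
    mkdir -p "$NETNS_DIR" || return 1
    dst="$NETNS_DIR/$name"
    # Never overwrite an existing entry; it may name a different namespace.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "$dst already exists" >&2; return 1
    fi
    ln -s "$src" "$dst"
}

# prune_netns_links: remove symlinks whose target process has exited.
prune_netns_links() {
    for link in "$NETNS_DIR"/*; do
        # -L: entry is a symlink; ! -e: its target no longer resolves.
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            rm -f "$link"
        fi
    done
}
```

On a real host both functions need root, and a typical call is expose_netns "$(docker inspect --format='{{.State.Pid}}' $container_id)".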