I would like to get the docker container name from within a container. I need this information because I am running a script from the Dockerfile as an ENTRYPOINT that needs to know the node number. I am using the --scale with docker-compose to create a cluster of my image.
I am able to get the hostname of the container which is the container ID. But is there a way to get the container name from inside the container?
Docker remote apis should work for you.
Depending on the version of your docker used appropriate version of remote api. Check this for more info.
I made use of container-inspect api to retrieve the container name.
Follow these steps:
Figure out on which port docker daemon is listening. In my case it was 2375 which is the default port.
$ netstat -anp | grep dockerd
tcp 0 0 :::2375 :::* LISTEN 7/dockerd
tcp 0 0 ::ffff:172.18.0.110:2375 ::ffff:172.18.0.1:29445 ESTABLISHED 7/dockerd
unix 2 [ ACC ] STREAM LISTENING 1242188041 7/dockerd /var/run/docker/metrics.sock
unix 2 [ ACC ] STREAM LISTENING 1242187193 7/dockerd /var/run/docker.sock
unix 2 [ ACC ] STREAM LISTENING 1242186375 7/dockerd /var/run/docker/libnetwork/79ba9bb412445c757dd4cc2fc30c1cbc7efde8482bdc4c1cf15c4ce0e4190752.sock
unix 3 [ ] STREAM CONNECTED 1242187211 7/dockerd
unix 3 [ ] STREAM CONNECTED 1242183625 7/dockerd
unix 3 [ ] STREAM CONNECTED 1242184185 7/dockerd
Run a container and retrieve the container name.
$ docker run -it alpine sh
/ # apk update
/ # apk add curl
/ # apk add jq
/ # curl -s 192.168.0.37:2375/containers/$HOSTNAME/json | jq -r ".Name"
/zen_wescoff
NOTE: Here 192.168.0.37 is the ip of my machine. Also apart from container name you can retrieve lot of information using these docker remote apis.
Sample full output of container-inspect api
/ # curl -s 192.168.0.37:2375/containers/$HOSTNAME/json?pretty=true
{
"Id": "3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9",
"Created": "2019-06-20T09:09:51.258807808Z",
"Path": "sh",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3824,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-06-20T09:09:53.341188978Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:4d90542f0623c71f1f9c11be3da23167174ac9d93731cf91912922e916bab02c",
"ResolvConfPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/hostname",
"HostsPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/hosts",
"LogPath": "/var/lib/docker/containers/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9/3409974f45bedacd3adbe663679e4eb7a74006483e3a3b04985e5a7cc65229b9-json.log",
"Name": "/jovial_moser",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [0, 0],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"DiskQuota": 0,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": ["/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/proc/scsi", "/sys/firmware"],
"ReadonlyPaths": ["/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger"]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39-init/diff:/var/lib/docker/overlay2/edb63c15d70f0a29c60f3725ed952dd76439bef4da8915e66ffe6ed1ecf02107/diff",
"MergedDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/merged",
"UpperDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/diff",
"WorkDir": "/var/lib/docker/overlay2/a5f16849169cb7c773f4d204089f8e53daf5b648864846ee1d1f076cef9f8a39/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "3409974f45be",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
"Cmd": ["sh"],
"Image": "alpine",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7f41a5043e99bb110e215ac8e13a8a2c37838b25c6a9fa985584ff458c1e52cc",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/7f41a5043e99",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "7aa9f269772edff8a9b7f895d51d6dd472a5820ff56a643134465ab8bff1914e",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "55987078c24843c830172de5c352b00c96cb3f177a349437dd7bee9bd1814e86",
"EndpointID": "7aa9f269772edff8a9b7f895d51d6dd472a5820ff56a643134465ab8bff1914e",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
So in-short you need to know ip for your machine and the port on which docker daemon is listening to retrieve any sort of information from within the container.
Hope this helps, let me know.
Mount the docker socket to your container:
myservice:
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
Then use a lib or directly query the docker api:
curl --unix-socket /var/run/docker.sock http://localhost/containers/json
This will return an array of all the running containers which includes the field:
{ Names: ['/proj_myservice_1', '/proj_myservice_2'] }
If you've scaled your containers up and are looking to communicate with the sibling containers inside a container, docker automatically detects this if you make requests to: http://myservice{:port} from inside your container. Docker will auto-discover the container and route you to a random container.
Related
In short:
I want to remove a docker image, but if I do so it tells me that it cannot be removed because the image is being used by a running container. But as far as I can tell there is no container running at all.
In detail:
I call docker images -a to see call images. This way I determine the Image ID which I want to delete and call docker image rm {ID} where {ID} is the String which should be deleted (it worked for other images so I am pretty confident so far).
I get the response:
Error response from daemon: conflict: unable to delete {ID} (cannot be forced) - image is being used by running container 08815cd48523
(The ID at the end seems to change with every call)
This error appears to be pretty easy to understand, but if I call docker ps -a, it shows me that I do not have a single container running and therefore no container running with the specified ID.
This problem occurs with some images. But all seem to be related to Kubernetes.
Does anyone know what the problem is?
As asked for in the comments hear docker inspect on one of the invisible containers (I replaced all part where I was not sure if it contains sensetive data with "removed_for_post"):
[
{
"Id": "Removed_for_post",
"Created": "2021-10-05T07:04:33.2059908Z",
"Path": "/pause",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 3570,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-10-05T07:04:33.4266642Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c",
"ResolvConfPath": "/var/lib/docker/containers/ Removed_for_post /resolv.conf",
"HostnamePath": "/var/lib/docker/containers/ Removed_for_post /hostname",
"HostsPath": "/var/lib/docker/containers/ Removed_for_post /hosts",
"LogPath": "/var/lib/docker/containers/ Removed_for_post / Removed_for_post -json.log",
"Name": "/k8s_POD_etcd-docker-desktop_kube-system_ Removed_for_post ",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "host",
"PortBindings": {},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": -998,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"no-new-privileges"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 2,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "/kubepods/kubepods/besteffort/removed_for_Post",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/ Removed_for_post -init/diff:/var/lib/docker/overlay2/ Removed_for_post /diff",
"MergedDir": "/var/lib/docker/overlay2/Removed_for_post /merged",
"UpperDir": "/var/lib/docker/overlay2/Removed_for_post /diff",
"WorkDir": "/var/lib/docker/overlay2/Removed_for_post /work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "docker-desktop",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": null,
"Image": "k8s.gcr.io/pause:3.2",
"Volumes": null,
"WorkingDir": "/",
"Entrypoint": [
"/pause"
],
"OnBuild": null,
"Labels": {
"annotation.kubeadm.kubernetes.io/etcd.advertise-client-urls": "https://192.168.65.4:2379",
"annotation.kubernetes.io/config.hash": " Removed_for_post ",
"annotation.kubernetes.io/config.seen": "2021-10-05T07:04:32.243805800Z",
"annotation.kubernetes.io/config.source": "file",
"component": "etcd",
"io.kubernetes.container.name": "POD",
"io.kubernetes.docker.type": "podsandbox",
"io.kubernetes.pod.name": "etcd-docker-desktop",
"io.kubernetes.pod.namespace": "kube-system",
"io.kubernetes.pod.uid": "removed for Post",
"tier": "control-plane"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": " Removed_for_post",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/default",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": " Removed_for_post ",
"EndpointID": " Removed_for_post ",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]``
Your container seems to be created by an other tool like docker-compose as I guess it is local on your computer..
Which means you can not stop its creation with docker rm statement easily.
EDIT 1 - Kubernetes
You seems to be using docker desktop
Your container seems to be etcd which is part of kubernetes master system (very important) :
k8s_POD_etcd-docker-desktop_kube-system_ Removed_for_post
So, as it is part of kubernetes components, you should remove it only if you want to not use kubernetes.
By removing kubernetes or etcd pod.
If docker-desktop, should not be a problem.
To summarize, your container is created by a pod which is a resource handled by kubernetes
docker-compose
find your docker-compose directory, usually containers names start with project name and go int its directory.
execute docker-compose down
docker
Try to restart docker daemon,
for instance in a linux based environment :
sudo systemctl restart docker
A reboot of your machine should works too.
Finally you should be able to remove containers as proposed in your question.
This is my information:
➜ ~ docker -v
Docker version 19.03.5, build 633a0ea
➜ ~ uname -ar
Darwin Felixs-iMac.local 19.2.0 Darwin Kernel Version 19.2.0: Sat Nov 9 03:47:04 PST 2019; root:xnu-6153.61.1~20/RELEASE_X86_64 x86_64
when I create a docker with host network mode like this (which is copied from https://docs.docker.com/network/network-tutorial-host/)
docker run --rm -d --network host --name my_nginx nginx
It worked well and I can see the docker is running.
BUT THE PROBLEM IS the port isn't exposed.
when i check with lsof -i:80, there's nothing.
➜ ~ docker run --rm -d --network host --name my_nginx nginx
282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d
➜ ~ lsof -i:80
➜ ~ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
282fe15a16b7 nginx "nginx -g 'daemon of…" About a minute ago Up About a minute
And i inspected the container, everything seems good:
➜ ~ docker inspect my_nginx
[
{
"Id": "282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d",
"Created": "2020-02-26T15:35:58.243963941Z",
"Path": "nginx",
"Args": [
"-g",
"daemon off;"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2238,
"ExitCode": 0,
"Error": "",
"StartedAt": "2020-02-26T15:35:58.39452216Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:2073e0bcb60ee98548d313ead5eacbfe16d9054f8800a32bedd859922a99a6e1",
"ResolvConfPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/hostname",
"HostsPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/hosts",
"LogPath": "/var/lib/docker/containers/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d/282fe15a16b70d7bd38b770fd2b67f0023b8fce1f9852a91af4047ef8f6a3f0d-json.log",
"Name": "/my_nginx",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "host",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": true,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f-init/diff:/var/lib/docker/overlay2/587f9f458f8f0de65434971354636364ff685701fa1f8ba0ba7da4459e22540c/diff:/var/lib/docker/overlay2/1a94586d0949b8305ac14f0934a46149b31db3eb6e7125d7b2965deef318695d/diff:/var/lib/docker/overlay2/ac900d4637ed15f3337e999928ec2a9de2ef4a998f4ce53700a1dffc955d5f0e/diff",
"MergedDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/merged",
"UpperDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/diff",
"WorkDir": "/var/lib/docker/overlay2/062cb6ccb41fb22ba624fb8f93e99e79bcf02cd240fbb4998e47aab1380e015f/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "docker-desktop",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"80/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NGINX_VERSION=1.17.8",
"NJS_VERSION=0.3.8",
"PKG_RELEASE=1~buster"
],
"Cmd": [
"nginx",
"-g",
"daemon off;"
],
"Image": "nginx",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"maintainer": "NGINX Docker Maintainers <docker-maint#nginx.com>"
},
"StopSignal": "SIGTERM"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "be4dc476e331bb8ac857ec069d0aa8383d7700ba5b917c0fed44c59d0b042c99",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/default",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "56456bd40ca98647fed01509408599accfadc7cb0f0077ea884b18fc009801b5",
"EndpointID": "e3e870245e2995fbfbae8706fa2daa19f3bf3d59d11d2f8ce2300f2b84b211e0",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
Anybody can help me ?
If you're using MacOS, then host network mode will not work on it, the reason for that is that docker-desktop uses an underlying Linux Virtual Machine to run the docker containers, so this host mode is only valid for that VM's network and not for the host(MacOS machine).
Still if you want to access a service running on your host machine(MacOS), from your docker container then you need to use the following hostname in order to connect to that service:
host.docker.internal
You'll be using the above hostname in place of localhost or 127.0.0.1.
For further discussion regarding this you check this github issue
I have installed docker toolsbox in windows 10.
I have created a container for mysql for the an application using the docker command as given. I'm able to create it and also able to view it using the docker container ls command, but only for the first time.
The Problem occurs when closing the docker toolsbox and reopen it.
When I issued the docker container ls command, I'm unable to find any of the containers what I have created.
But When I tried to inspect the container I'm able to view the container details.
Attached the screenshot and json details of the container.
Please let me know in case of more information needed.
Docker command for creating the MySQL container
docker run --name mysql-docker-petclinic -e MYSQL_ROOT_PASSWORD=admin -e MYSQL_DATABASE=petclinic -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=admin -p 3306:3306 -d mysql:latest
Inspect Command Details
$ docker container inspect mysql-docker-petclinic
[
{
"Id": "f30f66154b7398bbfd1b65d34afc0d973ecdbe62d0e2cbd654003775d11499e0",
"Created": "2018-02-25T16:28:10.327158448Z",
"Path": "docker-entrypoint.sh",
"Args": [
"mysqld"
],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 255,
"Error": "",
"StartedAt": "2018-02-25T16:28:12.428822667Z",
"FinishedAt": "2018-02-26T04:38:54.98958199Z"
},
"Image": "sha256:f0f3956a9dd825e3195f0d1a4fe17cc94b0f6934fc470b09abf8fad87d17ff24",
"ResolvConfPath": "/mnt/sda1/var/lib/docker/containers/f30f66154b7398bbfd1b65d34afc0d973ecdbe62d0e2cbd654003775d11499e0/resolv.conf",
"HostnamePath": "/mnt/sda1/var/lib/docker/containers/f30f66154b7398bbfd1b65d34afc0d973ecdbe62d0e2cbd654003775d11499e0/hostname",
"HostsPath": "/mnt/sda1/var/lib/docker/containers/f30f66154b7398bbfd1b65d34afc0d973ecdbe62d0e2cbd654003775d11499e0/hosts",
"LogPath": "/mnt/sda1/var/lib/docker/containers/f30f66154b7398bbfd1b65d34afc0d973ecdbe62d0e2cbd654003775d11499e0/f30f66154b7398bbfd1b65d34afc0d973ecdbe62d0e2cbd654003775d11499e0-json.log",
"Name": "/mysql-docker-petclinic",
"RestartCount": 0,
"Driver": "aufs",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"3306/tcp": [
{
"HostIp": "",
"HostPort": "3306"
}
]
},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
30,
120
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Data": null,
"Name": "aufs"
},
"Mounts": [
{
"Type": "volume",
"Name": "7195ae34c4698fbcdf3737962e799e991e0268a33ea6126af8b0e4aa24b2b18e",
"Source": "/mnt/sda1/var/lib/docker/volumes/7195ae34c4698fbcdf3737962e799e991e0268a33ea6126af8b0e4aa24b2b18e/_data",
"Destination": "/var/lib/mysql",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "f30f66154b73",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"3306/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"MYSQL_ROOT_PASSWORD=admin",
"MYSQL_DATABASE=petclinic",
"MYSQL_USERNAME=root",
"MYSQL_PASSWORD=admin",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.7",
"MYSQL_MAJOR=5.7",
"MYSQL_VERSION=5.7.21-1debian8"
],
"Cmd": [
"mysqld"
],
"ArgsEscaped": true,
"Image": "mysql:latest",
"Volumes": {
"/var/lib/mysql": {}
},
"WorkingDir": "",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "0f9a23a942344c2e7c23d425456787db327278dec4601447eb526dfdaa9c3abb",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"3306/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "3306"
}
]
},
"SandboxKey": "/var/run/docker/netns/0f9a23a94234",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "*********************************************************",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "*********************************",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "*********************************************************",
"EndpointID": "*********************************************************",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "*********************************************************",
"DriverOpts": null
}
}
}
}
]
Screenshots
1. Docker ls command
2. Docker Inspect Command Details
------------- UPDATE -------------
docker container ls by default shows only the running container.
closing the docker toolsbox and reopen it
That means all your containers are now in "Exited" state.
Try:
docker container ls --all
See also docker ps -a
http://localhost:4200 doesn't work on host
But server is running inside container
docker exec 697bf01cf064 curl http://0.0.0.0:4200/
<!doctype html>
...
This command
docker-machine ip default
returns
192.168.99.100
http://192.168.99.100:4200 doesn't work too
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
697bf01cf064 wepoll_wepoll-ui-webpack-docker "npm start --host=..." 19 minutes ago Up 19 minutes 0.0.0.0:4200->4200/tcp, 0.0.0.0:49152->49152/tcp wepoll-ui-webpack-docker
EXPOSE 4200 49152 in Dockerfile
networks:
dev-network:
driver: bridge
Network driver - bridge
How to access container server from host? Firewall disabled.
docker inpect 68e5e3524906
[
{
"Id": "68e5e3524906d621f3abc3cdfcb58e740290bb12a2082e44c14e180fecabb111",
"Created": "2017-02-01T16:56:34.52365653Z",
"Path": "npm",
"Args": [
"start",
"--host=0.0.0.0"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4483,
"ExitCode": 0,
"Error": "",
"StartedAt": "2017-02-01T16:56:34.833112923Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:a8aa417d60182b300836ce3f556bf90ae5b71fcf1ef9f76f4ef0d41b461934d1",
"ResolvConfPath": "/mnt/sda1/var/lib/docker/containers/68e5e3524906d621f3abc3cdfcb58e740290bb12a2082e44c14e180fecabb111/resolv.conf",
"HostnamePath": "/mnt/sda1/var/lib/docker/containers/68e5e3524906d621f3abc3cdfcb58e740290bb12a2082e44c14e180fecabb111/hostname",
"HostsPath": "/mnt/sda1/var/lib/docker/containers/68e5e3524906d621f3abc3cdfcb58e740290bb12a2082e44c14e180fecabb111/hosts",
"LogPath": "/mnt/sda1/var/lib/docker/containers/68e5e3524906d621f3abc3cdfcb58e740290bb12a2082e44c14e180fecabb111/68e5e3524906d621f3abc3cdfcb58e740290bb12a2082e44c14e180fecabb111-json.log",
"Name": "/wepoll-ui-webpack-docker",
"RestartCount": 0,
"Driver": "aufs",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "wepoll_dev-network",
"PortBindings": {
"4200/tcp": [
{
"HostIp": "",
"HostPort": "4200"
}
],
"49152/tcp": [
{
"HostIp": "",
"HostPort": "49152"
}
]
},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "aufs",
"Data": null
},
"Mounts": [],
"Config": {
"Hostname": "68e5e3524906",
"Domainname": "",
"User": "app",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"4200/tcp": {},
"49152/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"NPM_CONFIG_LOGLEVEL=info",
"NODE_VERSION=6.6.0",
"HOME=/home/app",
"APP_NAME=wepoll-ui-webpack-docker"
],
"Cmd": [
"npm",
"start",
"--host=0.0.0.0"
],
"Image": "wepoll_wepoll-ui-webpack-docker",
"Volumes": null,
"WorkingDir": "/home/app/wepoll-ui-webpack-docker",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "b1e41fe8d248646d782943b8997d539b910c984b9a862335c080458afd44bd1e",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "wepoll",
"com.docker.compose.service": "wepoll-ui-webpack-docker",
"com.docker.compose.version": "1.10.0"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7b8e3391317a645ec316183e6d1f8a4865418185598d8088d47f808987006bbf",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"4200/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "4200"
}
],
"49152/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "49152"
}
]
},
"SandboxKey": "/var/run/docker/netns/7b8e3391317a",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"wepoll_dev-network": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"wepoll-ui-webpack-docker",
"68e5e3524906"
],
"NetworkID": "4c5594b896a4050f60133f44e494021aaf5606488d22af963561febb0ee6049b",
"EndpointID": "603c3628945054bd62a9deaa574a782241b544502bb525333f2865da3f705d9a",
"Gateway": "172.19.0.1",
"IPAddress": "172.19.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:13:00:02"
}
}
}
}
]
Debugging:
The fact that you are unable to browse app at ${host_ip}:4200 means that it could be possible that the port is not exposed properly.
But the output for docker ps under the PORTS section has...
0.0.0.0:4200->4200/tcp
...which means that port has been exposed correctly.
Let's check if the port over the container's IP is reachable (to remove any suspicions on firewalls)
The output for docker inspect ${container_id} shows that your container IP is 172.19.0.2 (and also proves that the port bindings are correct). But http://172.19.0.2:4200 is also not reachable.
But you already mentioned that curl 0.0.0.0 inside machine works, but 0.0.0.0, in this context, means "all IP addresses on the local machine" (in fact probably, "all IPv4 addresses on the local machine"), which also includes 127.0.0.1 aka localhost, which doesn't prove that your app is listening on all interfaces.
Now you say that you started the app with --host=0.0.0.0, but I think you can still override it inside the app code.
So, the best case scenario is to inspect how the app server is started.
I have a docker container running Debian jessie on Ubuntu yakkety.
When within the docker (connected via ssh for instance) I am isolated from the host (which is expected). I however realized that dmesg shows me the messages for the host and not for the container. How can it have access to information of its host?
The configuration of the docker container is not special (except that it uses a specific bridge, different from docker0), in particular it does not run in any privileged mode ("Privileged": false below):
root#srv ~# docker inspect minecraft-1-8
[
{
"Id": "748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e",
"Created": "2016-12-01T15:35:05.287672787Z",
"Path": "/usr/bin/supervisord",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 28650,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-12-15T18:37:08.409564695Z",
"FinishedAt": "2016-12-15T18:37:07.457274028Z"
},
"Image": "sha256:78a2f88d47e29523503c2196ed2faaa3d1039d948d73987edc03b2abd338595d",
"ResolvConfPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/hostname",
"HostsPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/hosts",
"LogPath": "/var/lib/docker/containers/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e/748cfdfbf3fb5526cb7151cbc0857117af3c7bd8ab9e086c4f2efb897290d66e-json.log",
"Name": "/minecraft-1-8",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "docker",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir": "/var/lib/docker/overlay/e78ce9dbcedd6974429a4aada8f38913b7d35da41f586f203dd99a568f38b6c3/root",
"MergedDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/merged",
"UpperDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/upper",
"WorkDir": "/var/lib/docker/overlay/e8422e4707d95db8ea747af2367626cc8bf16e95f8eb05dfad9a63461c9ade86/work"
}
},
"Mounts": [],
"Config": {
"Hostname": "minecraft-1-8",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/usr/bin/supervisord"
],
"Image": "minecraft",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "cf411634babad31138ab4572b9cd7306f74a54dd1baf4cd8d7706d7e7020c594",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/cf411634baba",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"docker": {
"IPAMConfig": {
"IPv4Address": "10.200.0.100"
},
"Links": null,
"Aliases": [
"748cfdfbf3fb"
],
"NetworkID": "7b20560b36032d36ffe6c0ebece6b4408355d207f4e203a2957b0434ee0afdc1",
"EndpointID": "9fa4fc914dfe76022ce0db02e48a7e7c85c57bc2a15b0b3e5d81b1f24d95f376",
"Gateway": "10.200.0.1",
"IPAddress": "10.200.0.100",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:0a:c8:00:64"
}
}
}
}
]
In most distro's dmesg is not a privileged command. Any user can use the klogctl interface to read the kernel ring buffer.
$ id
uid=1001(matt) gid=1001(matt) groups=1001(matt)
$ dmesg | head -1
[ 0.000000] Initializing cgroup subsys cpuset
But can't do anything beyond read
$ dmesg -C
dmesg: klogctl failed: Operation not permitted
Which extends to Docker
$ sudo docker run debian dmesg | head -1
[ 0.000000] Initializing cgroup subsys cpuset
$ sudo docker run debian dmesg -C
dmesg: klogctl failed: Operation not permitted
Restricting access
You can restrict read access down to root users and those with the CAP_SYSLOG or CAP_SYS_ADMIN capabilities via /proc/sys/kernel/dmesg_restrict.
$ echo 1 > /proc/sys/kernel/dmesg_restrict
Then you should be getting a permission denied message:
$ docker run ubuntu:yakkety dmesg
dmesg: read kernel buffer failed: Operation not permitted
Running a container in privileged mode will then regain access to the hosts kernel ring buffer
$ docker run --privileged ubuntu:yakkety dmesg
[146902.131915] br-fa26f1dc96a1: port 3(veth80d3d5d) entered disabled state
...
Use sysctl to configure kernel.dmesg_restrict=1 if you need it permanently.
Namespacing
As to why the kernel log doesn't have name spacing like other kernel areas, I think the answer is "it's difficult". There's more detail than you'd care to know in this 2012 Stepping closer to practical containers: "syslog" namespaces LWN post. I can't see any reference's to it getting any further than proposed patches: https://lwn.net/Articles/562389/ https://lwn.net/Articles/561271/. As you can see in this recent netfilter patch, they have a work around to allow rules in a container name space to use the global log.