LXD UserId Container Mapping


(Gabriel Marais) #1

On my host server, when doing an HTOP I can see some processes belonging to a UserID like 100112 - Which as I understand it, belongs to a specific container.

How do I find out which container maps to a specific UserID?

Many Thanks, Gabriel


(St├ęphane Graber) #2

You can't. Unless you're running with security.isolated.idmap (assuming LXD), containers don't each have their own range, so you can't track down a container based on owning uid/gid of a process.

In your example, you're probably dealing with a default container range of 100000 to 165535, meaning that the process you saw as uid 100112 on the host is running in one of your containers as uid 112 inside the container.

To track down the container for a given process, you can look at the process tree which should show you a "[lxc monitor]" process which includes the container name and path, or you can look at the process' cgroups which will include the contianer name in the cgroup path.