Why are processes running inside the container visible outside the container on the host machine?

Hello,

I have my LXC container running on an ubuntu-20.04 machine. Many processes are running inside the container. On running the “top” and “ps” commands inside the container, I can see the processes running inside the container with specific PIDs.

If I use the “ps” command (for any process running inside the container) on the host, i.e. outside the container, I can see the processes running inside the container but with different PIDs. It looks as if those processes are running on my host machine. And if I stop my container and check with the “ps” command, then the processes also disappear on the host machine.

I do not understand how and why this is actually happening. How are the processes inside the container really mapped? Is it really normal to see the process outside the container with a different PID?

On using the “ps -eaf” command, I can see that all the processes running inside the containers are shown on the host machine with a different username, something like “1000000”.

$: ps -eaf

on host machine:

#: ps -eaf

inside the container

Here we can see the same processes both inside the container and on the host machine, but with different PIDs and users. Is the container really performing virtualization here?

Can anybody help me understand this scenario? Any inputs will help me a lot.

Regards,
Siddhartha V

Yes, this is normal. LXC containers are not virtualisation of hardware, and so there is a single kernel that is running all of the processes.

LXC uses Linux namespaces to provide the simulation of different “systems” and this is what you can see here with the translation of process IDs inside and outside of the container.


Hello @tomp,

Thank you for the reply. It is useful info. May I know where I can get detailed info to read about the entire LXC structure and process details, please? I googled it but I couldn’t get the specific data, so your inputs will help me.

Regards,
Siddhartha V

I think you should read up on Linux namespaces. Here is an article that might help you: https://www.redhat.com/sysadmin/7-linux-namespaces
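The PID and user translation described in the answers above can be read straight from `/proc` on the host; the following is an added example, not part of the original thread. It parses the `NSpid` line of `/proc/<pid>/status` and the process's `uid_map` to show which container PID and UID a host-side `ps` entry corresponds to. It assumes a kernel that exposes `NSpid` (4.1 or later) and an unprivileged container whose user namespace maps container UID 0 to host UID 1000000; the sample PIDs and map values are constructed.

```python
"""Map a process seen on the host back to its view inside the container (Linux /proc)."""

def parse_nspid(status_text):
    """PIDs from the NSpid line: host namespace first, innermost namespace last."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []  # no NSpid line (kernel older than 4.1)

def parse_real_uid(status_text):
    """Real UID from the Uid line, as seen from the namespace of the reader."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[1])
    return None

def parse_id_map(map_text):
    """uid_map rows as (first id inside, first id outside, range length)."""
    return [tuple(int(f) for f in row.split()) for row in map_text.splitlines() if row.strip()]

def host_to_container_id(host_id, id_map):
    """Translate an id seen on the host into the id seen inside the container."""
    for inside, outside, length in id_map:
        if host_id is not None and outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return None  # not mapped into this user namespace

def describe(status_text, map_text):
    """Return (host PID, container PID, host UID, container UID) for one process."""
    pids = parse_nspid(status_text) or [None]
    host_uid = parse_real_uid(status_text)
    return pids[0], pids[-1], host_uid, host_to_container_id(host_uid, parse_id_map(map_text))

# Constructed sample contents of /proc/<pid>/status and /proc/<pid>/uid_map, as read on the host
SAMPLE_STATUS = "Name:\tsshd\nPid:\t48213\nNSpid:\t48213\t312\nUid:\t1000000\t1000000\t1000000\t1000000\n"
SAMPLE_UID_MAP = "         0    1000000 1000000000\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live mode on the host: pass a host PID as the first argument
        base = f"/proc/{sys.argv[1]}"
        status, uid_map = open(f"{base}/status").read(), open(f"{base}/uid_map").read()
    else:
        status, uid_map = SAMPLE_STATUS, SAMPLE_UID_MAP
    hpid, cpid, huid, cuid = describe(status, uid_map)
    print(f"host PID {hpid} = container PID {cpid}; host UID {huid} = container UID {cuid}")
```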

Hello @dontlaugh,

Thank you. Will look into it.

regards,
Siddhartha V