DEV Community

Mark Nefedov

Debugging Containers Without Shell Access: Quick Tips

1. Run Commands Inside the Container’s Namespace

Every container runs in isolated namespaces. Use nsenter to "enter" these namespaces from the host:

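# Get the container’s PID (Docker example)
PID=$(docker inspect -f '{{.State.Pid}}' your_container)

# Inspect processes inside the container’s PID namespace.
# ps reads /proc, so give it a private /proc mounted from inside that namespace;
# with -p alone it would list the host's processes.
sudo nsenter -p -t "$PID" unshare --mount-proc ps aux

# Check network sockets in the container’s network namespace
sudo nsenter -n -t "$PID" ss -tnlp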

Replace ps or ss with any host-installed tool (e.g., tcpdump, strace).

2. Access Container Files via /proc

The container’s root filesystem is reachable from the host at /proc/$PID/root:

# View container files
sudo ls "/proc/$PID/root/etc/nginx/"

# Edit configs directly from the host
sudo vim "/proc/$PID/root/app/config.yaml"

Why This Works

https://www.man7.org/linux/man-pages/man7/namespaces.7.html
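
Each namespace a process belongs to shows up as a link under /proc/PID/ns, and nsenter opens those links to join the target's namespaces. As an added example (not code from the original post), the function below compares a container process's links with those of the host's PID 1 and prints the nsenter flags for the namespaces that actually differ; `ns_flags` and `PROC_ROOT` are names invented for this example.

```sh
#!/bin/sh
# Added example: which namespaces does a container process NOT share with
# the host, and which nsenter flags enter them?
# PROC_ROOT is a hypothetical override so the logic can be exercised on a
# constructed directory tree; on a real host leave it unset (/proc).
# Reading another user's /proc/PID/ns links normally requires root.

# ns_flags TARGET_PID [REFERENCE_PID]
# Prints "name flag namespace-id" for every namespace that differs from the
# reference process (default: PID 1), then a suggested nsenter command line.
# Returns 1 if the target process cannot be found.
ns_flags() (
    proc=${PROC_ROOT:-/proc}
    target=$1
    ref=${2:-1}
    flags=""
    [ -d "$proc/$target/ns" ] || { echo "no such process: $target" >&2; return 1; }

    # namespace link name : nsenter short option
    for pair in mnt:-m uts:-u ipc:-i net:-n pid:-p user:-U cgroup:-C time:-T; do
        name=${pair%%:*}
        flag=${pair#*:}
        # A link reads like "net:[4026532008]"; identical text means the two
        # processes are in the same namespace. Skip types the kernel lacks.
        t=$(readlink "$proc/$target/ns/$name" 2>/dev/null) || continue
        r=$(readlink "$proc/$ref/ns/$name" 2>/dev/null) || continue
        if [ "$t" != "$r" ]; then
            printf '%-7s %s  %s\n' "$name" "$flag" "$t"
            flags="$flags $flag"
        fi
    done
    # Drop -m from the result to keep resolving binaries from the host.
    echo "nsenter -t $target$flags <command>"
)

# Direct use on a host: sh ns_flags.sh <PID>
if [ "$#" -gt 0 ]; then ns_flags "$@"; fi
```

A container started with host networking or a shared PID namespace will not list `-n` or `-p`, which tells you that the matching nsenter call would show host state rather than anything container-specific.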
