--pid=host To Set through DockerFile

Question

I am trying to use the jmap to collect the heapdump. And the application is containerized and lauched on a EC2 Instance. To generate the heapdump the PID got assigned to the java process is "1" and jmap is not able to communicate with the process.

If i use the --pid=host in the docker run command, the process inside the container is using the host's PID namespace and process id getting assigned to the java application as "3456" and for this i am able to generate the heapdump.

Now i want to automate the process of --pid=host through docker file or some other way to set the container to use the host PID namespace.

Is there a way to do it ?

Answer 1

In the Dockerfile? No, you can't specify that.

There are a number of options that can only be specified in the docker run command. In general the defaults for things are that a container is as isolated from the host as is reasonable, and can't access the host filesystem, network details, etc. without explicitly being granted permission by the operator.

"Use the host pid namespace" is one of these options: using --pid host allows the container process to see every other process running on the host. (Compare docker run --rm busybox ps with and without the option.) As a security constraint this is not allowed to be set "on" by default.

Answer 2

You can put pid: "host" in your docker-compose.yml file to make it work. It's documented here.

pid: "host"

Sets the PID mode to the host PID mode. This turns on sharing between container and the host operating system the PID address space. Containers launched with this flag can access and manipulate other containers in the bare-metal machine’s namespace and vice versa.