/ container

How to access docker containers with nsenter

Since the 0.9 version, Docker is shipped with the libcontainer execution driver and the containers can be accessed with the nsenter util (e.g. you don't need to install SSH in a container anymore!).

Nsenter is included in the util-linux package, from version 2.23.

If your distribution has an older versione of util-linux, you can compile it:

~$ curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf-
~$ cd util-linux-2.24
~$ ./configure --without-ncurses
~$ make nsenter
~$ sudo cp nsenter /usr/local/bin

To enter a container you need to know its pid, which can be found with docker inspect knowing its ID:

~$ PID=$(docker inspect --format '{{.State.Pid}}' CONTAINER_ID)

Using the PID you can then enter the container:

~$ sudo nsenter --target $PID --mount --uts --ipc --net --pid /bin/bash

If you don't specify which program launch inside the container, ${SHELL} is run. I prefer to specify it (/bin/bash) because I use ZSH but I don't usually want to to install it inside the containers.