Difference in output from top command and iterating through task list of css_set:- when i itearate through list of css set containining taks i get only two tasks which is bash and the process used for getting the task list, while top shows there are many tasks.

[praf111]

The template below is mostly useful for bug reports and support questions. Feel free to remove anything which doesn't apply to you and add more information where it makes sense.

Required information

• Distribution:
• Distribution version:
• The output of "lxc info" or if that fails:
  • Kernel version:
  • LXC version:
  • LXD version:
  • Storage backend in use:

Issue description

A brief description of what failed or what could be improved.

Steps to reproduce

1. Step one
2. Step two
3. Step three

Information to attach

• [ ] any relevant kernel output (dmesg)
• [ ] container log (lxc info NAME --show-log)
• [ ] main daemon log (/var/log/lxd.log)
• [ ] output of the client with --debug
• [ ] output of the daemon with --debug css = task_css_set(current); list_for_each(p, &css->tasks) { / p points to an entry in the list / / my points to the structure in which the list is embedded / tasks = list_entry(p, struct task_struct, cg_list);//returns the task_struct of each process in css_set Info[i].id=task_tgid_vnr(tasks);//return the pid in current namespace strncpy (Info[i].name,tasks->comm, TASK_COMM_LEN); printk(KERN_INFO"PID : %d\nNAME=%s\n", Info[i].id,Info[i].name); i=i+1;
  } output:- pid name 432 bash 456 test

[stgraber]

That's because exec sessions aren't children of pid 1 in containers, they are their own pid tree.

So if your tool goes up the tree based on PPID (which your output suggests), it won't see the most of the processes.

[praf111]

Ok thanks, then how can i get handle over all the processes inside container using kernel API?

[stgraber]

Just iterate through /proc

[praf111]

Actually i am trying to write a system call explicitly for containers, so i need some mechanism to distinguish between tasks of different containers (and also recognize all the tasks of particular container ). so when i use the task list provided by css_set i am not getting all the processes that belong to particular container, so i would like to know any API(in kernel space) provided by kernel so that i can handle over all the processes of particular container. i think iterating over /proc is fine at user level.

[stgraber]

So first of all, note that there are absolutely no concept of containers in the Linux kernel, so if you intend to submit upstream code that's aware of "containers", expect to have to rethink your design.

Containers tasks are tied together by a PID namespace. So you'd need to grab hold of the PID namespace for PID 1 in the container and then look at all the other tasks inside that namespace. I'm not sure what the functions inside the kernel are for that though. I've only ever played with the functions that convert PIDs back and forth in there.

Also note that the PID namespace is hierarchical so two processes that are "inside" the container may in fact be in different PID namespaces with one being in a children namespace. That's what happens when you run nested containers or when various software use pid namespaces as a security measure (systemd, chrome, ...).

[stgraber]

Closing as this isn't a LXD issue (nor a container issue even) but a question about the PID namespace implementation in the Linux kernel which may be better answered on containers@lists.linuxfoundation.org.

[praf111]

Ok, thank you very much.