Now, the container pid that is get by docker inspect -f '{{.State.Pid}}' [container_id] is the pid of shim process, and the shim process is in the host netwok namespace.
In some case, we should get the netwok namespace of container via the container pid (e.g. dockershim), so I think the shim process should be in the container network namespace like VM process.
Now, the container pid that is get by
docker inspect -f '{{.State.Pid}}' [container_id]is the pid of shim process, and the shim process is in the host netwok namespace.In some case, we should get the netwok namespace of container via the container pid (e.g. dockershim), so I think the shim process should be in the container network namespace like VM process.
/cc @sboeuf @sameo