{"id":2373,"date":"2022-08-23T16:44:49","date_gmt":"2022-08-23T08:44:49","guid":{"rendered":"https:\/\/199604.com\/?p=2373"},"modified":"2022-08-23T16:44:49","modified_gmt":"2022-08-23T08:44:49","slug":"linux-nsenter%e5%91%bd%e4%bb%a4%e4%bd%bf%e7%94%a8","status":"publish","type":"post","link":"https:\/\/199604.com\/2373","title":{"rendered":"Linux-nsenter\u547d\u4ee4\u4f7f\u7528"},"content":{"rendered":"

linux-nsenter\u547d\u4ee4\u4f7f\u7528<\/h1>\n

\u7b80\u4ecb<\/h2>\n

nsenter<\/strong>\u547d\u4ee4\u662f\u4e00\u4e2a\u53ef\u4ee5\u5728\u6307\u5b9a\u8fdb\u7a0b\u7684\u547d\u4ee4\u7a7a\u95f4\u4e0b\u8fd0\u884c\u6307\u5b9a\u7a0b\u5e8f\u7684\u547d\u4ee4<\/strong>\u3002\u5b83\u4f4d\u4e8eutil-linux<\/code>\u5305\u4e2d\u3002<\/p>\n

\u7528\u9014<\/h3>\n

\u4e00\u4e2a\u6700\u5178\u578b\u7684\u7528\u9014\u5c31\u662f\u8fdb\u5165\u5bb9\u5668\u7684\u7f51\u7edc\u547d\u4ee4\u7a7a\u95f4<\/strong>\u3002\u76f8\u5f53\u591a\u7684\u5bb9\u5668\u4e3a\u4e86\u8f7b\u91cf\u7ea7\uff0c\u662f\u4e0d\u5305\u542b\u8f83\u4e3a\u57fa\u7840\u7684\u547d\u4ee4\u7684\uff0c\u6bd4\u5982\u8bf4ip address\uff0cping\uff0ctelnet\uff0css,tcpdump<\/code>\u7b49\uff0c\u8fd9\u5c31\u7ed9\u8c03\u8bd5\u5bb9\u5668\u7f51\u7edc\u5e26\u6765\u76f8\u5f53\u5927\u7684\u56f0\u6270\uff1a\u53ea\u80fd\u901a\u8fc7docker inspect ContainerID\u547d\u4ee4\u83b7\u53d6\u5230\u5bb9\u5668IP\uff0c\u4ee5\u53ca\u65e0\u6cd5\u6d4b\u8bd5\u548c\u5176\u4ed6\u7f51\u7edc\u7684\u8fde\u901a\u6027\u3002\u8fd9\u65f6\u5c31\u53ef\u4ee5\u4f7f\u7528nsenter\u547d\u4ee4\u4ec5\u8fdb\u5165\u8be5\u5bb9\u5668\u7684\u7f51\u7edc\u547d\u540d\u7a7a\u95f4<\/strong>\uff0c\u4f7f\u7528\u5bbf\u4e3b\u673a\u7684\u547d\u4ee4<\/strong>\u8c03\u8bd5\u5bb9\u5668\u7f51\u7edc\u3002<\/p>\n

\u7528\u6cd5<\/h3>\n
[root@nacos1 ~]# nsenter --help\n\n\u7528\u6cd5\uff1a\n nsenter [options] <program> [<argument>...]\n\nRun a program with namespaces of other processes.\n\n\u9009\u9879\uff1a\n -t, --target <pid>     \u8981\u83b7\u53d6\u540d\u5b57\u7a7a\u95f4\u7684\u76ee\u6807\u8fdb\u7a0b\n -m, --mount[=<file>]   enter mount namespace #\u8fdb\u5165mount\u547d\u4ee4\u7a7a\u95f4\u3002\u5982\u679c\u6307\u5b9a\u4e86file\uff0c\u5219\u8fdb\u5165file\u7684\u547d\u4ee4\u7a7a\u95f4\n -u, --uts[=<file>]     enter UTS namespace (hostname etc) #\u8fdb\u5165uts\u547d\u4ee4\u7a7a\u95f4\u3002\u5982\u679c\u6307\u5b9a\u4e86file\uff0c\u5219\u8fdb\u5165file\u7684\u547d\u4ee4\u7a7a\u95f4\n -i, --ipc[=<file>]     enter System V IPC namespace # \u8fdb\u5165ipc\u547d\u4ee4\u7a7a\u95f4\u3002\u5982\u679c\u6307\u5b9a\u4e86file\uff0c\u5219\u8fdb\u5165file\u7684\u547d\u4ee4\u7a7a\u95f4\n -n, --net[=<file>]     enter network namespace # \u8fdb\u5165net\u547d\u4ee4\u7a7a\u95f4\u3002\u5982\u679c\u6307\u5b9a\u4e86file\uff0c\u5219\u8fdb\u5165file\u7684\u547d\u4ee4\u7a7a\u95f4\n -p, --pid[=<file>]     enter pid namespace # \u8fdb\u5165pid\u547d\u4ee4\u7a7a\u95f4\u3002\u5982\u679c\u6307\u5b9a\u4e86file\uff0c\u5219\u8fdb\u5165file\u7684\u547d\u4ee4\u7a7a\u95f4\n -U, --user[=<file>]    enter user namespace # \u8fdb\u5165user\u547d\u4ee4\u7a7a\u95f4\u3002\u5982\u679c\u6307\u5b9a\u4e86file\uff0c\u5219\u8fdb\u5165file\u7684\u547d\u4ee4\u7a7a\u95f4\n -S, --setuid <uid>     set uid in entered namespace # \u8bbe\u7f6e\u8fd0\u884c\u7a0b\u5e8f\u7684uid\n -G, --setgid <gid>     set gid in entered namespace # \u8bbe\u7f6e\u8fd0\u884c\u7a0b\u5e8f\u7684gid\n     --preserve-credentials do not touch uids or gids\n -r, --root[=<dir>]     set the root directory # \u8bbe\u7f6e\u6839\u76ee\u5f55\n -w, --wd[=<dir>]       set the working directory # \u8bbe\u7f6e\u5de5\u4f5c\u76ee\u5f55\n -F, --no-fork          \u6267\u884c <\u7a0b\u5e8f> \u524d\u4e0d fork\n -Z, --follow-context   set SELinux context according to --target PID\n\n -h, --help     \u663e\u793a\u6b64\u5e2e\u52a9\u5e76\u9000\u51fa\n -V, --version  \u8f93\u51fa\u7248\u672c\u4fe1\u606f\u5e76\u9000\u51fa\n\n\u66f4\u591a\u4fe1\u606f\u8bf7\u53c2\u9605 nsenter(1)\u3002\n<\/code><\/pre>\n
\u5b89\u88c5<\/h2>\n
\n  util-linux \u662f\u4e00\u4e2a\u5f00\u653e\u6e90\u7801\u7684\u8f6f\u4ef6\u5305\uff0c\u662f\u4e00\u4e2a\u5bf9\u4efb\u4f55 Linux \u7cfb\u7edf\u7684\u57fa\u672c\u5de5\u5177\u5957\u4ef6\u3002\u542b\u6709\u4e00\u4e9b\u6807\u51c6 Unix \u5de5\u5177\uff0c\u5982 login\u3002
\n  util-linux \u8f6f\u4ef6\u5305\u5305\u542b\u8bb8\u591a\u5de5\u5177\u3002\u5176\u4e2d\u6bd4\u8f83\u91cd\u8981\u7684\u662f\u52a0\u8f7d\u3001\u5378\u8f7d\u3001\u683c\u5f0f\u5316\u3001\u5206\u533a\u548c\u7ba1\u7406\u786c\u76d8\u9a71\u52a8\u5668\uff0c\u6253\u5f00 tty \u7aef\u53e3\u548c\u5f97\u5230\u5185\u6838\u6d88\u606f\u3002\n<\/p><\/blockquote>\n
yum\u5b89\u88c5<\/strong><\/h3>\n
yum install -y util-linux<\/code><\/p>\n
\u793a\u4f8b<\/h2>\n
\u8fd0\u884c\u4e00\u4e2aopenjdk:8-jdk-alpine<\/code>\u5bb9\u5668\uff0c\u67e5\u770b\u8be5\u5bb9\u5668\u7684pid\uff1a<\/p>\n
# \u67e5\u8be2\u5bb9\u5668\u7684pid\n[root@nacos1 ~]# docker inspect -f {{.State.Pid}} 61716a014554\n26654\n\n# \u4f7f\u7528nsenter\u547d\u4ee4\u8fdb\u5165\u8be5\u5bb9\u5668\u7684\u7f51\u7edc\u547d\u4ee4\u7a7a\u95f4\n[root@nacos1 ~]# nsenter -n -t26654\n\n[root@nacos1 ~]# ip a\n1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n       valid_lft forever preferred_lft forever\n2277: eth0@if2278: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP\n    link\/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n    inet 172.17.0.2\/16 brd 172.17.255.255 scope global eth0\n       valid_lft forever preferred_lft forever\n\n[root@nacos1 ~]# exit\n\u767b\u51fa\n\n<\/code><\/pre>\n
\u5728Kubernetes\u4e2d\uff0c\u5728\u5f97\u5230\u5bb9\u5668pid\u4e4b\u524d\u8fd8\u9700\u83b7\u53d6\u5bb9\u5668\u7684ID\uff0c\u53ef\u4ee5\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u83b7\u53d6<\/p>\n
kubectl get pod test -o yaml |grep containerID\n  - containerID: docker:\/\/2bdaa26f378b8162482f94bbee636c09fd9c31e6c365e3af595ef4c32346b16b\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
linux-nsenter\u547d\u4ee4\u4f7f\u7528 \u7b80\u4ecb nsenter\u547d\u4ee4\u662f\u4e00\u4e2a\u53ef\u4ee5\u5728\u6307\u5b9a\u8fdb\u7a0b\u7684\u547d\u4ee4\u7a7a\u95f4\u4e0b\u8fd0\u884c\u6307\u5b9a\u7a0b\u5e8f\u7684\u547d\u4ee4 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[332,260],"tags":[408],"class_list":["post-2373","post","type-post","status-publish","format-standard","hentry","category-docker","category-linux","tag-nsenter"],"_links":{"self":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts\/2373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/comments?post=2373"}],"version-history":[{"count":1,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts\/2373\/revisions"}],"predecessor-version":[{"id":2374,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/posts\/2373\/revisions\/2374"}],"wp:attachment":[{"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/media?parent=2373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/categories?post=2373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/199604.com\/wp-json\/wp\/v2\/tags?post=2373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}