Do we want to allow services to use the host's process namespace?

[errordeveloper]

In the spirit of https://github.com/docker/swarmkit/issues/989, there is a need for allowing container to run in host's process namespace. Unlike docker run --pid=..., it may be not necessary to provide a way for running it a namespace of another container, but instead only host's namespace would be of particular interest.

My use case is about running a monitoring agent that has to see all processes on a host. Weave Scope is one example, but there are many other applications with similar requirements.

[megastef]

+1

[jimmycmh]

+1

[cirocosta]

I have the very same use case as @errordeveloper 👍 How did you end up working around it @errordeveloper ?

[jheidecker]

+1 open to workarounds

[errordeveloper]

We have used a global service that bind-mounts docker socket and starts another container that way... A bit hack-y.

On Wed, 20 Sep 2017, 7:08 pm jheidecker [email protected] wrote:

+1 open to workarounds

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/docker/swarmkit/issues/1605#issuecomment-330934267, or mute the thread https://github.com/notifications/unsubscribe-auth/AAPWS4AUEoTnEVWHvwJQ0pOYWpycwGJJks5skVSrgaJpZM4KSk5l .

[megastef]

Any news for --pid=host in swarm services? We would need it for monitoring agents deployed global service on each swarm node.

[carlwain74]

Our developers need the PIDs to monitor processing usage within the container. So definitely needed for our deployments

[dazinator]

I'd like to monitor a service too, using dotnet-counters. This would be a step to enabling sidecars in swarm which would be awesome.

[DeepSkyWonder]

plus 1 here. Would like to use glances in docker swarm, but for it to see host processes, we need the pid: host option.