How to distinguish pid 1.17, etc. docker containers with host 1.17
By default, these pid are in a different namespace.
Since issue 10080 and --pid host , container pids may remain in the host pid namespace.
There's also problem 10163: "Allow common PID namespaces" by requesting --pid=container:id
all kernel changes happen when we create a new process inside the docker container
Note and May 2016 update: issue 10163 and --pid=container:id now resolved by PR 22481 for docker 1.12, which allows you to join another container PID namespace.
No kernel level changes, only use:
- groups or control groups. The key to running applications in isolation is to use only the right resources.
- federated file systems to create building blocks for containers