Is there any way to view or manipulate the mount namespace for an arbitrary process?
For example, a docker container is running which has a local mount to an NFS server. It can be seen from inside the container, but on the outside, the host has no knowledge of it. With network namespaces this is doable. e.g. pipework
However, I see nothing about this for mount namespaces. Is there an API or sysfs layer exposed to view these mounts and manipulate or create new ones?
Best Answer
Yes. You can look at its
/proc/$PID/mountinfo
or else you can use thefindmnt -N
switch - about whichfindmnt --help
says:-N, --task <tid>
/proc/<tid>/mountinfo
file)findmnt
also tracks thePROPAGATION
flag which is amountinfo
field which reports on exactly this information - which processes share which mounts.Also, you can always
nsenter
any type of namespace you like - provided you have the correct permissions, of course.