Docker – inside container or not?
Hello there! Sometimes, it's crucial to know whether your script is running inside a container or not. I recently faced this challenge myself and wanted to share my experience of finding a solution for it.
But no need to fret, I've got you covered. In this tutorial, I'll be sharing some of the most effective ways to determine whether your script is running inside a Linux container or not. By the end of this tutorial, you'll be equipped to identify whether your script is running inside a container and take appropriate actions accordingly.
So, let's dive in and make sure your scripts are running smoothly, no matter where they're being executed!
Using control groups to determine if a process is running inside a Docker container
Control groups are a Linux kernel feature that tracks or controls resource usage for a group of processes. In this context, resources refer to system resources such as memory, CPU, and IO devices. Linux represents these control groups as a pseudo-filesystem. Containers share the kernel of their host, so Linux uses a separate namespace for them in the control groups.
The method used to determine if a process is running inside a Docker container varies depending on whether the system is using control group v1 or v2. This is because their respective file layout is significantly different.
Determining if a process is running inside a Docker or LXC container on control group V1
To identify whether a process is running in a Docker or LXC container from the control group of the init process, you can use the following command:
cat /proc/1/cgroup | grep -q '/docker/' && echo "Running inside Docker" || echo "Not running inside Docker"
This command displays the contents of the control group file for the process with PID 1, which is the initialization process for a Linux-based operating system. If some of the lines start with /docker or /lxc, the process is running inside a Docker or LXC container, respectively. If the lines start with /, the process is running in a host operating system.
Determining if a process is running inside a Docker or LXC container on control group V2
In control group v2, container IDs are exposed via the /proc/self/mountinfo directory. You can identify processes running inside a Docker container by looking at the lines that start with /docker. Processes running in an LXC container should start with /lxc. You can use the following command:
grep -q '/docker/' /proc/self/mountinfo && echo "Running inside Docker" || echo "Not running inside Docker"
Checking the scheduling information of the init process to determine if you're inside a container
You can also check the scheduling information of the init process to determine if you're inside a container. To do this, use the following command:
cat /proc/1/sched | head -n 1
This command extracts the first line of the scheduling overview for the process with PID 1. For Linux containers, it displays the command of the main process, which is bash for Ubuntu or CentOS. If the process isn't in a container, it displays init – the initialization process of the OS. For some Linux distributions like CentOS and Debian, the initialization process is systemd. In this case, it displays system instead of init.
For instance, in Kubernetes, the PID 1 process contains dumb-init. Please keep this in mind when checking for init in the output of the command.
Here is a simple one-liner that uses awk to determine if you are inside a Docker container or not. It returns an exit code that you can use to determine if you are running on a host machine or inside a container:
awk '{exit ($1 ~ /^init|systemd$/)}' /proc/1/sched
An exit code of 0 indicates that we are running inside the Docker container, while any other exit code indicates that we are running on the host machine.
Using environment variables to determine if you're inside a container
One method to identify whether the current environment is inside a container or not is to use a custom environment variable. This approach is particularly effective if we are in charge of running the containers. By passing an environment variable during the Docker container's execution, we can indicate that the environment is a container environment.
docker run -it -d --name ubuntu-container -e OS_ENV=container ubuntu:latest
This command passes the environment variable OS_ENV with the value "container" using the -e argument. Afterward, we can begin a new Bash shell inside the container and recognize the environment through the variable. By running docker exec -it ubuntu-container /bin/bash and echo $OS_ENV, we can verify that the environment variable has been correctly passed.
If the host operating system executes the program or script, the value "container" will not exist, allowing us to determine the environment based on the presence of the variable.
Conclusion
In summary, we have discovered a useful approach to identifying whether we are in a container environment or not by employing a custom environment variable. We have also taken into account the downsides of various methods and identified which circumstances they may be useful in.