Как контейнерные процессы прикрепляются к containerd-shim в docker - PullRequest
/ 12 марта 2020

Когда я выполняю команду в контейнере с помощью docker exec, новый порождённый процесс становится дочерним для containerd-shim наряду с другими процессами этого контейнера, что является ожидаемым поведением. Но я не понимаю в деталях, как только что созданный процесс может быть присоединён к этому процессу.

ПРАВКА: После некоторого исследования я понял, что процесс фактически был порождён runc; затем, благодаря prctl(PR_SET_CHILD_SUBREAPER, 1);, можно было завершить runc, и процесс был присоединён к runc. Тем не менее это не объясняет, как процесс «переносится» из моей оболочки в этот процесс runc, связанный с containerd-shim.

Например, если я порождаю процесс командой sudo strace docker exec 104f931f77ee sleep 99, то получаю следующее дерево процессов (вывод ps, упрощён для ясности).

systemd,1
  ├─agetty,365 -o -p -- \\u --noclear tty1 linux
  ├─containerd,364
  │   ├─containerd-shim,1858 -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/104f931f77eeb745451a47644e4997440a674697cef9a1a567b4edede960c68e -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
  │   │   ├─bash,1875
  │   │   ├─sleep,4769 10000000
  │   │   ├─sleep,15504 99
  │   │   └─{containerd-shim},1859, 1860, ...
  │   └─{containerd},373, 374, ...
  ├─dockerd,366 -H fd:// --containerd=/run/containerd/containerd.sock
  │   └─{dockerd},381, 382 ... 406
  │
  └─sshd,371 -D
      └─sshd,565   
          └─sshd,582    
              └─zsh,583
                  └─sudo,15479 strace docker exec 104f931f77ee sleep 99
                      └─strace,15480 docker exec 104f931f77ee sleep 99
                          └─docker,15483 exec 104f931f77ee sleep 99
                              └─{docker},15485 to 15494

Судя по выводу strace для containerd-shim, сам containerd-shim в этом напрямую не участвует: при подключении контейнера этот процесс не выполняет ни одного системного вызова. (Он пробуждается только тогда, когда контейнер умирает, а не когда он появляется.)

 futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21192, si_uid=0, si_status=0, si_utime=1, si_stime=0} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1)  = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21653, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
futex(0x9f3500, FUTEX_WAKE_PRIVATE, 1)  = 1
rt_sigreturn({mask=~[HUP INT QUIT ILL TRAP ABRT BUS FPE KILL USR1 SEGV PIPE TERM STKFLT CHLD STOP PROF SYS RTMIN RT_1]}) = 202
futex(0x9d8828, FUTEX_WAIT_PRIVATE, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)

(См. правку выше.) Это особенно странно, поскольку:

Вы не можете запустить процесс как дочерний элемент оболочки, а затем «переписать» его, чтобы другой процесс стал его родительским.

Поэтому вам нужно использовать родительский процесс, который явно запускает дочерние элементы.

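Кроме того, судя по этому выводу strace, не существует прямой связи между порождающим процессом и containerd-shim. (Замечание: strace запущен без -f, поэтому в выводе видны системные вызовы только основного потока 15483, но не потоков, созданных через clone; кроме того, трассировка прервана по ^C сразу после вызова socket().)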

sudo strace docker exec 104f931f77ee sleep 99
execve("/usr/bin/docker", ["docker", "exec", "104f931f77ee", "sleep", "99"], 0x7ffe39a39f60 /* 13 vars */) = 0
brk(NULL)                               = 0x5650f557d000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@l\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146968, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332482e000
mmap(NULL, 132288, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f332480d000
mmap(0x7f3324813000, 61440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f3324813000
mmap(0x7f3324822000, 24576, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0x7f3324822000
mmap(0x7f3324828000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f3324828000
mmap(0x7f332482a000, 13504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f332482a000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\21\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14592, ...}) = 0
mmap(NULL, 16656, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324808000
mmap(0x7f3324809000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f3324809000
mmap(0x7f332480a000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480a000
mmap(0x7f332480b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f332480b000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260A\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1824496, ...}) = 0
mmap(NULL, 1837056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f3324647000
mprotect(0x7f3324669000, 1658880, PROT_NONE) = 0
mmap(0x7f3324669000, 1343488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f3324669000
mmap(0x7f33247b1000, 311296, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16a000) = 0x7f33247b1000
mmap(0x7f33247fe000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7f33247fe000
mmap(0x7f3324804000, 14336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3324804000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324644000
arch_prctl(ARCH_SET_FS, 0x7f3324644740) = 0
mprotect(0x7f33247fe000, 16384, PROT_READ) = 0
mprotect(0x7f332480b000, 4096, PROT_READ) = 0
mprotect(0x7f3324828000, 4096, PROT_READ) = 0
mprotect(0x5650f338d000, 27123712, PROT_READ) = 0
mprotect(0x7f3324860000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790)           = 0
set_tid_address(0x7f3324644a10)         = 15483
set_robust_list(0x7f3324644a20, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f33248136b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f3324813740, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(NULL)                               = 0x5650f557d000
brk(0x5650f559e000)                     = 0x5650f559e000
sched_getaffinity(0, 8192, [0, 1, 2, 3, 4, 5]) = 64
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3324604000
mmap(0xc000000000, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(0xc000000000, 67108864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc000000000
mmap(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3322604000
mmap(NULL, 2164736, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223f3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223e3000
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33223d3000
rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0
sigaltstack(NULL, {ss_sp=NULL, ss_flags=SS_DISABLE, ss_size=0}) = 0
sigaltstack({ss_sp=0xc000002000, ss_flags=0, ss_size=32768}, NULL) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
gettid()                                = 15483
rt_sigaction(SIGHUP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGILL, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGILL, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGTRAP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTRAP, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGABRT, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGBUS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGFPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGFPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR1, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR1, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGSEGV, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGUSR2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGUSR2, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=0x5650f1abaf20, sa_mask=~[RTMIN RT_1], 
[...]
sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f332481f730}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3321bd2000
mprotect(0x7f3321bd3000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33223d1fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33223d29d0, tls=0x7f33223d2700, child_tidptr=0x7f33223d29d0) = 15485
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33213d1000
mprotect(0x7f33213d2000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3321bd0fb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3321bd19d0, tls=0x7f3321bd1700, child_tidptr=0x7f3321bd19d0) = 15486
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33203cf000
mprotect(0x7f33203d0000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3320bcefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3320bcf9d0, tls=0x7f3320bcf700, child_tidptr=0x7f3320bcf9d0) = 15488
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f33137ff000
mprotect(0x7f3313800000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f3313ffefb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3313fff9d0, tls=0x7f3313fff700, child_tidptr=0x7f3313fff9d0) = 15489
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(NULL, 1439992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332026f000
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332022f000
readlinkat(AT_FDCWD, "/proc/self/exe", "/usr/bin/docker", 128) = 15
fcntl(0, F_GETFL)                       = 0x402 (flags O_RDWR|O_APPEND)
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
fcntl(1, F_GETFL)                       = 0x402 (flags O_RDWR|O_APPEND)
fcntl(2, F_GETFL)                       = 0x402 (flags O_RDWR|O_APPEND)
getpid()                                = 15483
newfstatat(AT_FDCWD, "/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}, 0) = 0
openat(AT_FDCWD, "/proc/stat", O_RDONLY|O_CLOEXEC) = 3
epoll_create1(EPOLL_CLOEXEC)            = 4
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "cpu  2248 0 4821 3583425 1021 0 "..., 4096) = 1387
read(3, "", 2709)                       = 0
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc00021120c) = 0
close(3)                                = 0
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f33201ef000
futex(0xc000074bc8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a6148, FUTEX_WAKE_PRIVATE, 1) = 1
getrandom("\x5c\x6c\x6d\xbf\xd9\x2a\xf8\x4d", 8, 0) = 8
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so", 0xc000050788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/libykcs11.so.1", 0xc000050858, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so", 0xc000050928, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib64/libykcs11.so.1", 0xc0000509f8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libykcs11.so", 0xc000050ac8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/lib/libykcs11.so", 0xc000050b98, 0) = -1 ENOENT (No such file or directory)
capget({version=0 /* _LINUX_CAPABILITY_VERSION_??? */, pid=0}, NULL) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cap_last_cap", O_RDONLY|O_CLOEXEC) = 3
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=539230440, u64=139857559290088}}) = 0
fcntl(3, F_GETFL)                       = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 0
read(3, "37\n", 11)                     = 3
epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc000211d24) = 0
close(3)                                = 0
newfstatat(AT_FDCWD, "/usr/local/sbin/unpigz", 0xc0000512e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/unpigz", 0xc0000513b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/unpigz", 0xc000051488, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/unpigz", {st_mode=S_IFREG|0755, st_size=116944, ...}, 0) = 0
getpid()                                = 15483
futex(0xc000074848, FUTEX_WAKE_PRIVATE, 1) = 1
uname({sysname="Linux", nodename="debiankvm", ...}) = 0
getuid()                                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3)                                = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=510, ...}) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 510
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=32790, ...}) = 0
mmap(NULL, 32790, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f3324830000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0003\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=55792, ...}) = 0
mmap(NULL, 83768, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f33201da000
mprotect(0x7f33201dd000, 40960, PROT_NONE) = 0
mmap(0x7f33201dd000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f33201dd000
mmap(0x7f33201e4000, 8192, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f33201e4000
mmap(0x7f33201e7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f33201e7000
mmap(0x7f33201e9000, 22328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f33201e9000
close(3)                                = 0
mprotect(0x7f33201e7000, 4096, PROT_READ) = 0
munmap(0x7f3324830000, 32790)           = 0
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
lseek(3, 0, SEEK_CUR)                   = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=1394, ...}) = 0
read(3, "root:x:0:0:root:/root:/bin/zsh\nd"..., 4096) = 1394
close(3)                                = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3311ffc000
mprotect(0x7f3311ffd000, 8388608, PROT_READ|PROT_WRITE) = 0
clone(child_stack=0x7f33127fbfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f33127fc9d0, tls=0x7f33127fc700, child_tidptr=0x7f33127fc9d0) = 15492
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0000a7d48, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
epoll_pwait(4, [], 128, 0, NULL, 8)     = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332018a000
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
epoll_pwait(4, [], 128, 0, NULL, 128)   = 0
futex(0x5650f4e04230, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04130, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc00044c4c8, FUTEX_WAKE_PRIVATE, 1) = 1
mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f332017a000
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e04ee8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "/root/.docker/config.json", 0xc0004d9bd8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.dockercfg", 0xc0004d9ca8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/pass", 0xc0004d9d78, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/pass", 0xc0004d9e48, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/pass", 0xc0004d9f18, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/pass", 0xc000018038, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/pass", 0xc000018108, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/pass", 0xc0000181d8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/sbin/docker-credential-secretservice", 0xc0000182a8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/local/bin/docker-credential-secretservice", 0xc000018378, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/sbin/docker-credential-secretservice", 0xc000018448, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/bin/docker-credential-secretservice", 0xc000018518, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/sbin/docker-credential-secretservice", 0xc0000185e8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/bin/docker-credential-secretservice", 0xc0000186b8, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018788, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/root/.kube/config", 0xc000018858, 0) = -1 ENOENT (No such file or directory)
futex(0xc0003dd9c8, FUTEX_WAKE_PRIVATE, 1) = 1
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
futex(0xc0004ec148, FUTEX_WAKE_PRIVATE, 1) = 1
futex(0x5650f4e08b80, FUTEX_WAIT_PRIVATE, 0, {tv_sec=31, tv_nsec=999222248}^C) = ? ERESTART_RESTARTBLOCK (Interrupted by signal)
strace: Process 15483 detached

Итак, как контейнер создаётся так, что его родителем оказывается containerd-shim?


Примечание: вопрос не в том, зачем контейнерам нужна эта архитектура (я знаю, что она позволяет процессу, который породил контейнер, завершиться, не нарушая его работы: контейнер может продолжать выполняться, отсоединившись от оболочки), а в том, как это технически реализовано.

...