Discover Linux kernel namespaces in Go. Almost everywhere. Aware of various OCI container engines, even engines in containers.
APACHE-2.0 License
Discover how containers are using Linux kernel namespaces...
...or the mounts inside your containers, and how over-mounts make other mounts invisible.
First, ensure that you have the Docker compose v2 plugin installed.
[!NOTE] Debian users typically need to install docker-ce instead of docker.io packages, as Debian only backports random "security fixes" and freezes features completely – which absolutely makes sense in a fast moving container world ... NOT.
Make sure you have a Linux kernel of at least version 4.11 installed, however we highly recommend at least kernel version 5.6 or later.
wget -q --no-cache -O - \
https://github.com/thediveo/lxkns/raw/master/deployments/wget/docker-compose.yaml \
| docker compose -f - up
Finally, visit http://localhost:5010
and start looking around Linux kernel
namespaces, as well as mount points with their hierarchies.
lxkns
discovers...
lxkns
now leverages (Siemens OSS) Turtlefinderlxkns
.Where? | lsns |
lxkns |
Kernel | |
---|---|---|---|---|
➀ | /proc/*/ns/* |
✓ | ✓ | 4.11 |
➁ | /proc/*/task/*/ns/* |
✗ | ✓ | 4.11 |
➂ | bind mounts | ✓A | ✓ | 4.11 |
➃a |
/proc/*/fd/* namespace fds |
✗ | ✓ | 4.11 |
➃b |
/proc/*/fd/* socket fds |
✗ | ✓ | 5.6 |
➄ | namespace hierarchy | ✗ | ✓ | 4.11 |
➅ | owning user namespaces | ✗ | ✓ | 4.11 |
lsns
have improved and are nowlxkns
lsns
, maybe not; we would likelxkns
finds mount points even in process-less mount
namespaces (for instance, as utilized in "snap"
technology). Our discovery engine even determines
the visibility of mount points, taking different forms of "overmounting" into
consideration.
Take a look at the comprehensive user (and developer) manual.
[!NOTE] Please check Important Changes, especially if you have been used the API in the past, and not only the service.
Or, watch the short overview video how to find your way around discovery web frontend:
The following container engine types are supported:
The lxkns
discovery engine can be operated as a stand-alone REST service with
additional web UI. Alternatively, it can be embedded/integrated into other
system diagnosis tools. A prominent example of embedding lxkns
is
@siemens/ghostwire.
lxkns
supports versions of Go that are noted by the Go release
policy, that is, major
versions N and N-1 (where N is the current major version).
This project comes with comprehensive unit tests, also covering leak checks:
goroutine leak checking courtesy of Gomega's
gleak
package.
file descriptor leak checking courtesy of the @thediveo/fdooze module.
[!CAUTION] Note: do not run parallel tests for multiple packages.
make test
ensures to run all package tests always sequentially, but in case you rungo test
yourself, please don't forget-p 1
when testing multiple packages in one, erm, go.
Please see CONTRIBUTING.md.
lxkns
is Copyright 2020‒24 Harald Albrecht, and licensed under the Apache
License, Version 2.0.