https://wiki.openvz.org/api.php?action=feedcontributions&feedformat=atom&user=AguersonOpenVZ Virtuozzo Containers Wiki - User contributions [en]2026-04-30T02:55:51ZUser contributionsMediaWiki 1.31.1https://wiki.openvz.org/index.php?title=Processes_scope_and_visibility&diff=13430Processes scope and visibility2013-02-22T15:50:51Z<p>Aguerson: vzprocps-perl</p>
<hr />
<div>This [[:Category:HOWTO|HOWTO]] shows how OpenVZ [[hardware node]]<br />
administrator can see a processes belonging to the host system only, or to a<br />
particular [[container]].<br />
<br />
== Problem ==<br />
From [[CT0]] one can see all the processes running on the system; that<br />
includes all the processes of all [[container]]s and the processes of the<br />
[[host system]] itself. Sometimes you just want to see the processes from the host system only. Sometimes you just want to see the processes from a<br />
particular container.<br />
<br />
There are many ways to achieve it.<br />
<br />
== Solutions ==<br />
<br />
=== Hide container processes from host completely ===<br />
<br />
It is possible to hide other CT's processes from [[CT0]]. For this just enable kernel.pid_ns_hide_child sysctl parameter:<br />
<br />
<pre><br />
sysctl -w 'kernel.pid_ns_hide_child=1'<br />
</pre><br />
<br />
and restart all containers. To make setting permanent put into /etc/sysctl.conf following line:<br />
<br />
<pre><br />
kernel.pid_ns_hide_child=1<br />
</pre><br />
<br />
After this ps or htop or top do not show anymore other container processes.<br />
<br />
=== "Poor man's vzps in bash" ===<br />
Use the following script by aistis, broken by [[User:Kir|Kir]], fixed by [[User:Hvdkamer|Hvdkamer]].<br />
<br />
First argument is CT ID (0 for the host system), all the remaining arguments are passed to <code>ps(1)</code> utility.<br />
<br />
<pre><br />
#!/bin/bash<br />
# Usage: ./ovzps CTID [ps flags ...]<br />
<br />
function find_container_pids(){<br />
local pid<br />
local myctid=$1<br />
local ctpids=<br />
<br />
for pid in $ALLPIDS; do<br />
[ -f /proc/$pid/status ] || continue<br />
ctid=`grep envID /proc/$pid/status | awk -F: '{print $2}'`<br />
if [ ${ctid} = ${myctid} ]; then<br />
ctpids="$ctpids $pid"<br />
fi<br />
done<br />
echo "$ctpids"<br />
}<br />
<br />
ALLPIDS=`ps -A -o pid --no-headers`<br />
CTPIDS=`find_container_pids $1`<br />
shift<br />
<br />
if [ -n "${CTPIDS}" ]; then<br />
ps $* -p $CTPIDS<br />
else<br />
exit 0<br />
fi<br />
</pre><br />
<br />
A faster version:<br />
<br />
<pre><br />
#! /bin/bash<br />
# Usage: ovzps <CTID> [ps flags ...]<br />
<br />
ctid=${1:-0}<br />
shift<br />
<br />
ps $* -p $(grep -l "^envID:[[:space:]]*$ctid\$" /proc/[0-9]*/status | <br />
sed -e 's=/proc/\([0-9]*\)/.*=\1=')<br />
</pre><br />
<br />
=== Use vzprocps tools ===<br />
Take <code>vzprocps</code> tools from http://download.openvz.org/contrib/utils/.<br />
These are usual <code>ps</code> and <code>top</code> utilities (named <code>vztop</code> and <code>vzps</code> to not conflict with the standard ones) with an <code>-E</code> option added. You can use <code>-E <i>CTID</i></code> option to limit the output to the selected CTID (use 0 for the host system), or just <code>-E</code> without an argument to just add CTID column to output.<br />
<br />
=== Use vzprocps-perl tools ===<br />
Take <code>vzprocps-perl</code> tools from http://sourceforge.net/p/vzprocpsperl/wiki/vzprocps-perl/.<br />
Write in Perl with basics functions. <br />
Can be used in x86_64 architecture. <br />
<br />
== See also ==<br />
* {{Forum|836}}<br />
<br />
[[Category: HOWTO]]</div>Aguerson