aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorValentin Rothberg <vrothberg@suse.com>2018-07-19 14:41:58 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-07-19 20:47:52 +0000
commitba1871dac033783ab0329c9b3c9113a34a90992f (patch)
treef0be2944ff09d857306ea42864c7b24ae86ae9bd /docs
parent98703eb204923f06555605c648fc165a55214520 (diff)
downloadpodman-ba1871dac033783ab0329c9b3c9113a34a90992f.tar.gz
podman-ba1871dac033783ab0329c9b3c9113a34a90992f.tar.bz2
podman-ba1871dac033783ab0329c9b3c9113a34a90992f.zip
podman-top: use containers/psgo
Use github.com/containers/psgo instead of execing `ps (1)`. The psgo library enables a much more flexible interface with respect to which data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.) while the output can be parsed reliably. The library does not use ps (1) but parses /proc and /dev instead. To list the processes of a given container, psgo will join the mount namespace of the given container and extract all data from there. Notice that this commit breaks compatibility with docker-top. Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1113 Approved by: rhatdan
Diffstat (limited to 'docs')
-rw-r--r--docs/podman-top.1.md58
1 files changed, 46 insertions, 12 deletions
diff --git a/docs/podman-top.1.md b/docs/podman-top.1.md
index a9abd8baf..d95d4df7f 100644
--- a/docs/podman-top.1.md
+++ b/docs/podman-top.1.md
@@ -4,10 +4,10 @@
podman\-top - Display the running processes of a container
## SYNOPSIS
-**podman top** [*options*] *container* [*ps-options*]
+**podman top** [*options*] *container* [*format-descriptors*]
## DESCRIPTION
-Display the running process of the container. *ps-options* can be any of the options you would pass to `ps(1)`.
+Display the running process of the container. The *format-descriptors* are ps (1) compatible AIX format descriptors but extended to print additional information, such as the seccomp mode or the effective capabilities of a given process.
## OPTIONS
@@ -20,25 +20,59 @@ Display the running process of the container. *ps-options* can be any of the opt
Instead of providing the container name or ID, use the last created container. If you use methods other than Podman
to run containers such as CRI-O, the last started container could be from either of those methods.
+## FORMAT DESCRIPTORS
+
+The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1):
+
+**capinh**
+
+ Set of inheritable capabilities. See capabilities (7) for more information.
+
+**capprm**
+
+ Set of permitted capabilities. See capabilities (7) for more information.
+
+**capeff**
+
+ Set of effective capabilities. See capabilities (7) for more information.
+
+**capbnd**
+
+ Set of effective capabilities. See capabilities (7) for more information.
+
+**seccomp**
+
+ Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information.
+
+**label**
+
+ Current security attributes of the process.
+
## EXAMPLES
+By default, `podman-top` prints data similar to `ps -ef`:
+
```
# podman top f5a62a71b07
- UID PID PPID %CPU STIME TT TIME CMD
- 0 18715 18705 0.0 10:35 pts/0 00:00:00 /bin/bash
- 0 18741 18715 0.0 10:35 pts/0 00:00:00 vi
-#
+USER PID PPID %CPU ELAPSED TTY TIME COMMAND
+root 1 0 0.000 20.386825206s pts/0 0s sh
+root 7 1 0.000 16.386882887s pts/0 0s sleep
+root 8 1 0.000 11.386886562s pts/0 0s vi
```
+The output can be controlled by specifying format descriptors as arguments after the container:
+
```
-#podman --log-level=debug top f5a62a71b07 -o pid,fuser,f,comm,label
- PID FUSER F COMMAND LABEL
-18715 root 4 bash system_u:system_r:container_t:s0:c429,c1016
-18741 root 0 vi system_u:system_r:container_t:s0:c429,c1016
-#
+# sudo ./bin/podman top -l pid seccomp args %C
+PID SECCOMP COMMAND %CPU
+1 filter sh 0.000
+8 filter vi /etc/ 0.000
```
+
## SEE ALSO
-podman(1), ps(1)
+podman(1), ps(1), seccomp(2), capabilities(7)
## HISTORY
December 2017, Originally compiled by Brent Baude<bbaude@redhat.com>
+
+July 2018, Introduce format descriptors by Valentin Rothberg <vrothberg@suse.com>