Docker exec versus nsenter: Any gotchas?
I’ve been using nsenter for the last few months to get a shell running on a container for debugging purposes. I have heard about and used docker exec which was introduced in version 1.3. Docker exec seems to be the new best practice for the purpose of getting inside a container for debugging purposes, but I’m wondering if there are any drawbacks to using docker exec versus nsenter. Information comparing the two is scant. Are there any specific problems I should watch out for or avoid when using
docker exec versus nsenter?
2 Solutions collect form web for “Docker exec versus nsenter: Any gotchas?”
That is not entirely clear right now. But I would support the view that since
docker exec is the official way, to go with that. The author of
nsenter actually recommends using
docker exec. If you encounter any drawbacks, he encourages you to report them though.
docker exec versus nsenter
There are differences between nsenter and docker exec; namely, nsenter doesn’t enter the cgroups, and therefore evades resource limitations. The potential benefit of this would be debugging and external audit, but for remote access, docker exec is the current recommended approach.
Only works on Intel 64 bits platforms. Arguably, this is the only officially supported platform for Docker; so it’s not a big deal.
nsenter still needs to run from the host; it cannot run inside a container (yet).