问题描述

我在VM上运行了多个Docker映像和容器。但是 runc list之类的命令并未列出其中任何一个。

I have multiple Docker images and containers running on a VM. But commands like "runc list" doesn't list any of these.

如何使runc / containerd知道我现有的docker映像？

How can I make runc/containerd aware of my existing docker images?

推荐答案

运行时（ runc ）使用所谓的运行时根目录来存储和获取有关容器的信息。在此根目录下， runc 放置子目录（每个容器一个），每个子目录都包含 state.json

The runtime (runc) uses so-called runtime root directory to store and obtain the information about containers. Under this root directory, runc places sub-directories (one per container), and each of them contains the state.json file, where the container state description resides.

运行时根目录的默认位置为 / run / runc （对于非无根容器）或 $ XDG_RUNTIME_DIR / runc （对于无根容器）-后者通常也指向 / run以下的某个地方（例如 / run / user / $ UID / runc ）。

The default location for runtime root directory is either /run/runc (for non-rootless containers) or $XDG_RUNTIME_DIR/runc (for rootless containers) - the latter also usually points to somewhere under /run (e.g. /run/user/$UID/runc).

容器引擎时调用 runc ，它可能会覆盖默认的运行时根目录并指定自定义目录（-root c $ c> runc ）。 Docker使用这种可能性，例如在我的盒子上，它指定 / run / docker / runtime-runc / moby 作为运行时根。

When the container engine invokes runc, it may override the default runtime root directory and specify the custom one (--root option of runc). Docker uses this possibility, e.g. on my box, it specifies /run/docker/runtime-runc/moby as the runtime root.

说，要使 runc列表看到您的Docker容器，您必须通过指定-root 选项。另外，鉴于默认情况下Docker容器不是非root用户的，因此您将需要适当的特权来访问运行时根（例如，使用 sudo ）。

That said, to make runc list see your Docker containers, you have to point it to Docker's runtime root directory by specifying --root option. Also, given that Docker containers are not rootless by default, you will need the appropriate privileges to access the runtime root (e.g. with sudo).

因此，这应该是这样的：

So, that's how this should work:

$ docker run -d alpine sleep 1000
4acd4af5ba8da324b7a902618aeb3fd0b8fce39db5285546e1f80169f157fc69

$ sudo runc --root /run/docker/runtime-runc/moby/ list
ID                                                                 PID         STATUS      BUNDLE                                                                                                                               CREATED                          OWNER
4acd4af5ba8da324b7a902618aeb3fd0b8fce39db5285546e1f80169f157fc69   18372       running     /run/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/4acd4af5ba8da324b7a902618aeb3fd0b8fce39db5285546e1f80169f157fc69   2019-07-12T17:33:23.401746168Z   root

$


关于图像，您无法使 runc 看到它们，因为它根本没有图像概念-而是在。创建捆绑包（例如，基于图片）是调用方的责任（在您的情况下为容器化）。

As to images, you can not make runc see them, as it has no notion of image at all - instead, it operates on bundles. Creating the bundle (e.g. based on image) is responsibility of the caller (in your case - containerd).