检查你是否有$ code> nsenter 工具。它应该在2.23之后的 util-linux 包中。注意：不幸的是，Debian和Ubuntu还附带了util-linux 2.20。

Check if you have the nsenter tool. It should be in the util-linux package, after version 2.23. Note: unfortunately, Debian and Ubuntu still ship with util-linux 2.20.

如果你有 nsenter 简单。首先，找到容器的第一个进程的PID（实际上，任何PID都会做，但这只是更容易和更安全）：

If you have nsenter, it's relatively easy. First, find the PID of the first process of the container (actually, any PID will do, but this is just easier and safer):

PID=$(docker inspect --format '{{.State.Pid}}' my_container_id)

然后，输入如下：

nsenter --target $PID --mount --uts --ipc --net --pid

Voilà！但是请注意， nsenter 将不会履行功能。

Voilà! Note, however, that nsenter won't honor capabilities.

如果您没有 nsenter （例如，如果您正在使用Debian或Ubuntu，或者您的发行版具有太旧的util-linux），则可以下载util-linux并对其进行编译。我有一个 nsenter 二进制，也许我可以将其上传到Docker注册表，如果这可以帮助任何人。

If you don't have nsenter (e.g. if you are using Debian or Ubuntu, or your distro has too old util-linux), you can download util-linux and compile it. I have a nsenter binary, maybe I can upload it to the Docker registry if that could help anyone.

另一个选项是使用 nsinit ，这是libcontainer的辅助工具。我不认为 nsinit 有很多文档，因为它是新的，但是检查 https://asciinema.org/a/8090 为例。您将需要一个Go构建环境。

Another option is to use nsinit, a helper tool for libcontainer. I don't think that there is a lot of documentation for nsinit since it's very new, but check https://asciinema.org/a/8090 for an example. You will need a Go build environment.