NAME

podman-top - Display the running processes of a container

SYNOPSIS

podman top [options] container [format-descriptors]

podman container top [options] container [format-descriptors]

DESCRIPTION

Display the running processes of the container. The format-descriptors are ps (1) compatible AIX format descriptors but extended to print additional information, such as the seccomp mode or the effective capabilities of a given process. The descriptors can either be passed as separated arguments or as a single comma-separated argument. Note that options and or flags of ps(1) can also be specified; in this case, Podman falls back to executing ps(1) from the host with the specified arguments and flags in the container namespace. If the container has the CAP_SYS_PTRACE capability then we will execute ps(1) in the container so it must be installed there. To extract host-related information, use the “h*” descriptors. For instance, podman top $name hpid huser to display the PID and user of the processes in the host context.

OPTIONS

--help, -h

Print usage statement

--latest, -l

Instead of providing the container name or ID, use the last created container. Note: the last started container can be from other users of Podman on the host machine. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)

FORMAT DESCRIPTORS

The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1):

args, capbnd, capeff, capinh, capprm, comm, etime, group, hgroup, hpid, huser, label, nice, pcpu, pgid, pid, ppid, rgroup, ruser, seccomp, state, time, tty, user, vsz

capbnd

Set of bounding capabilities. See capabilities (7) for more information.

capeff

Set of effective capabilities. See capabilities (7) for more information.

capinh

Set of inheritable capabilities. See capabilities (7) for more information.

capprm

Set of permitted capabilities. See capabilities (7) for more information.

hgroup

The corresponding effective group of a container process on the host.

hpid

The corresponding host PID of a container process.

huser

The corresponding effective user of a container process on the host.

label

Current security attributes of the process.

seccomp

Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information.

state

Process state codes (e.g, R for running, S for sleeping). See proc(5) for more information.

stime

Process start time (e.g, “2019-12-09 10:50:36 +0100 CET).

EXAMPLES

By default, podman-top prints data similar to ps -ef.

$ podman top f5a62a71b07
USER   PID   PPID   %CPU    ELAPSED         TTY     TIME   COMMAND
root   1     0      0.000   20.386825206s   pts/0   0s     sh
root   7     1      0.000   16.386882887s   pts/0   0s     sleep
root   8     1      0.000   11.386886562s   pts/0   0s     vi

The output can be controlled by specifying format descriptors as arguments after the container.

$ podman top -l pid seccomp args %C
PID   SECCOMP   COMMAND     %CPU
1     filter    sh          0.000
8     filter    vi /etc/    0.000

Podman falls back to executing ps(1) from the host in the container namespace if an unknown descriptor is specified.

$ podman top -l -- aux
USER   PID   PPID   %CPU    ELAPSED             TTY   TIME   COMMAND
root   1     0      0.000   1h2m12.497061672s   ?     0s     sleep 100000

SEE ALSO

podman(1), ps(1), seccomp(2), proc(5), capabilities(7)

HISTORY

July 2018, Introduce format descriptors by Valentin Rothberg vrothberg@suse.com

December 2017, Originally compiled by Brent Baude bbaude@redhat.com