An OCI container runtime monitor.

Conmon is a monitoring program and communication tool between a
container manager (like podman or CRI-O) and an OCI runtime (like runc
or crun) for a single container.

Upon being launched, it double-forks to daemonize and detach from
the parent that launched it. It then launches the runtime as its
child. This allows managing processes to die in the foreground, but
still be able to watch over and connect to the child process (the
container).

While the container runs, conmon does two things:

- Provides a socket for attaching to the container, holding open the
  container's standard streams and forwarding them over the socket.
- Writes the contents of the container's streams to a log file (or to
  the systemd journal) so they can be read after the container's death.

Finally, upon the container's death, conmon will record its exit time
and code to be read by the managing programs.
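
The lifecycle described above, as an added C sketch that is not conmon's
own code: the names monitor_run and launch_detached and the exit-file
format are assumptions, and only the log-file and exit-code parts are
shown (no attach socket, journal or exit time).

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Monitor role: run argv as a child, hold the read end of its stdout/stderr,
 * copy that stream to log_path, return its exit code (128+signal if killed). */
int monitor_run(char *const argv[], const char *log_path) {
    int p[2], st;
    if (pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child stands in for the runtime */
        dup2(p[1], STDOUT_FILENO);
        dup2(p[1], STDERR_FILENO);
        close(p[0]); close(p[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(p[1]);                         /* otherwise read() never sees EOF */
    int log = open(log_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    char buf[4096];
    ssize_t n;
    while ((n = read(p[0], buf, sizeof buf)) > 0)
        if (log >= 0 && write(log, buf, (size_t)n) != n) break;
    close(p[0]);
    if (log >= 0) close(log);
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : 128 + WTERMSIG(st);
}

/* Launcher role: double-fork so the monitor is detached from the caller, then
 * let it record the exit code in exit_path. Returns 0 once it is detached. */
int launch_detached(char *const argv[], const char *log_path, const char *exit_path) {
    int st;
    unlink(exit_path);                   /* drop any stale result */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid > 0)                         /* caller: reap the intermediate only */
        return (waitpid(pid, &st, 0) == pid && WIFEXITED(st) && !WEXITSTATUS(st)) ? 0 : -1;
    setsid();                            /* new session, no controlling tty */
    if ((pid = fork()) != 0) _exit(pid < 0);   /* intermediate exits at once */
    char out[16];
    int len = snprintf(out, sizeof out, "%d\n", monitor_run(argv, log_path));
    int fd = open(exit_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0 && write(fd, out, (size_t)len) != len) _exit(1);
    _exit(0);
}
```

launch_detached returns as soon as the intermediate process has exited,
so the caller is free to exit; the exit file appears later, once the
monitored command has finished.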

Written in C and designed to have a low memory footprint, conmon
is intended to be run by a container managing library. Essentially,
conmon is the smallest daemon a container can have.