Hi guys, first post here.

I am kind of curious as to how Docker containerizes the ps command within a container. In other words how does it make ps display only those processes that are running inside the container? Since ps only reads from /proc and if not handled properly there may be a process namespace leak.

Can someone please explain the technique of mounting a directory as proc?

Thanks.