I am running Docker containers in LXD containers and I have noticed that even though LXD containers have constrained resources, Docker containers that run within them seem to be seeing all CPU and Memory resources available on the host where the LXD container runs.
Here is an example:
root@lxdcontainer:~# grep -c processor /proc/cpuinfo
1
root@lxdcontainer:~# grep MemTotal /proc/meminfo
MemTotal: 488280 kB
root@lxdcontainer:~# docker run -it ubuntu bash
root@fcd00479a2c1:/# grep -c processor /proc/cpuinfo
56
root@fcd00479a2c1:/# grep MemTotal /proc/meminfo
MemTotal: 263758600 kB
How is Docker mounting /proc/meminfo? How is it obtaining these from the host the LXD container is running on?
I did notice a bug in how LXD mounted /sys/devices/system/cpu/online and filed a bug here. However, I don’t think a fix for that mount will solve the issue of Docker containers seeing host resources when being run from a docker container and wanted to see what I could do to solve this problem.
Appreciate all comments and feedback.