podman top [options] container [format-descriptors]
podman container top [options] container [format-descriptors]
Display the running processes of the container. The format-descriptors are ps (1) compatible AIX format descriptors but extended to print additional information, such as the seccomp mode or the effective capabilities of a given process. The descriptors can either be passed as separated arguments or as a single comma-separated argument. Note that options and or flags of ps(1) can also be specified; in this case, Podman falls back to executing ps(1) from the host with the specified arguments and flags in the container namespace. If the container has the
CAP_SYS_PTRACE capability then we will execute ps(1) in the container so it must be installed there. Please use the "h*" descriptors to extract host-related information. For instance,
podman top $name hpid huser to display the PID and user of the processes in the host context.
Print usage statement
Instead of providing the container name or ID, use the last created container. Note: the last started container can be from other users of Podman on the host machine. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
The following descriptors are supported in addition to the AIX format descriptors mentioned in ps (1):
args, capbnd, capeff, capinh, capprm, comm, etime, group, hgroup, hpid, huser, label, nice, pcpu, pgid, pid, ppid, rgroup, ruser, seccomp, state, time, tty, user, vsz
Set of bounding capabilities. See capabilities (7) for more information.
Set of effective capabilities. See capabilities (7) for more information.
Set of inheritable capabilities. See capabilities (7) for more information.
Set of permitted capabilities. See capabilities (7) for more information.
The corresponding effective group of a container process on the host.
The corresponding host PID of a container process.
The corresponding effective user of a container process on the host.
Current security attributes of the process.
Seccomp mode of the process (i.e., disabled, strict or filter). See seccomp (2) for more information.
Process state codes (e.g, R for running, S for sleeping). See proc(5) for more information.
Process start time (e.g, "2019-12-09 10:50:36 +0100 CET).
podman-top prints data similar to
$ podman top f5a62a71b07 USER PID PPID %CPU ELAPSED TTY TIME COMMAND root 1 0 0.000 20.386825206s pts/0 0s sh root 7 1 0.000 16.386882887s pts/0 0s sleep root 8 1 0.000 11.386886562s pts/0 0s vi
The output can be controlled by specifying format descriptors as arguments after the container:
$ podman top -l pid seccomp args %C PID SECCOMP COMMAND %CPU 1 filter sh 0.000 8 filter vi /etc/ 0.000
Podman falls back to executing ps(1) from the host in the container namespace if an unknown descriptor is specified.
$ podman top -l -- aux USER PID PPID %CPU ELAPSED TTY TIME COMMAND root 1 0 0.000 1h2m12.497061672s ? 0s sleep 100000
podman(1), ps(1), seccomp(2), proc(5), capabilities(7)
July 2018, Introduce format descriptors by Valentin Rothberg email@example.com ⟨mailto:firstname.lastname@example.org⟩
December 2017, Originally compiled by Brent Baude email@example.com ⟨mailto:firstname.lastname@example.org⟩
podman(1), podman-container(1), podman-pod-top(1), podman-remote(1).
The man page podman-container-top(1) is an alias of podman-top(1).