conmon

What is conmon?

An OCI container runtime monitor.Conmon is a monitoring program and communication tool between a container manager (like Podman or CRI-O) and an OCI runtime (like runc or crun) for a single container.Upon being launched, conmon (usually) double-forks to daemonize and detach from the parent that launched it. It then launches the runtime as its child. This allows managing processes to die in the foreground, but still be able to watch over and connect to the child process (the container).While the container runs, conmon does two things:* Provides a socket for attaching to the container, holding open the container"s standard streams and forwarding them over the socket.* Writes the contents of the container"s streams to a log file (or to the systemd journal) so they can be read after the container"s death.Finally, upon the containers death, conmon will record its exit time and code to be read by the managing programs.

 

The entire lifecycle of conmon

The following figure shows you the visualised product life cycle of conmon. You can see all releases with the latest patch version, the long-term support characteristics (orange flag in the green circle, the periods for version provision, maintenance and support.

Figure: Release, patch and end-of-life cycle of product conmon (container)

 

Facts and figures about conmon

 

 

Keywords

conmon

 

container

 

System component

 

Release

 

Version

 

Major

 

Minor

 

Patch

 

End-of-life

 

EOL

 

Support

 

End-of-support

 

EOS

 

Maintenance

 

End-of-maintenance

 

EOM

 

Security

 

Long-term support

 

LTS

 

Vulnerabilities

 

Common vulnerabilities & exposures

 

CVE

 

Security