If you want to debug or enter your docker container, you might think that you will easily run a sshd server and that's fine. But it's wrong and most of all: it's not necessary.
Like @jpetazzo explained in "Docker SSHD considered evil": containers run with only one executable as main process. So if you want to have a sshd next to your php-fpm, you will need monit or supervisor to launch them. That's already 3 services in total!
That's why: keep your docker image clean!
But how to enter the container? There is a little tool called "nsenter" (available with util-linux >= 2.24)
$ PID=$(docker inspect --format <container_name_or_ID>)
$ sudo nsenter --target $PID --mount --uts --ipc --net --pid
There is also a wrapper for the nsenter command from the beginning, called docker-enter (available at https://github.com/jpetazzo/nsenter):
$ sudo docker-enter my_awesome_container ls -la
If you don't have nsenter available (e.g. it does not come with ubuntu, yet), you can install it like this:
$ # use jpetazzo container to build and cat nsenter to /usr/local/bin/nsenter on your local machine
$ sudo docker run jpetazzo/nsenter cat /nsenter > /usr/local/bin/nsenter
or build it on your own (needs the build-essential package):
$ cd /tmp
$ curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf-
$ cd util-linux-2.24
$ ./configure --without-ncurses
$ make nsenter
$ sudo cp nsenter /usr/local/bin/nsenter
Happy debugging.
