
Situation: on user@host, a qemu run and its stack are inside a container, user@container.

Is it normal:

  • to see, with ps aux | grep qemu from user@host, the process that runs on user@container?

  • to be able to run sudo kill -9 pid on the process in the container user@container from the host user@host?

aurelien

1 Answer


Yes it is. Docker processes on Linux are sandboxed such that they can't affect the rest of the system, but the rest of the system is free to mess with them however it wants to. They are still running on the same kernel, same file system (even if they can only see a limited portion of it), etc. Docker is not a VM; the processes running within the container are running on the same OS as those outside the container.

Given that, it would be very weird if you couldn't list and kill contained processes (from outside the container, and assuming you have enough privileges). Just like you can list and kill Chrome sandbox processes from a normal-privilege OS shell even though the Chrome sandbox prevents those processes from doing anything, so too can you list and kill Docker contained processes from a normal-privilege shell. Processes in one container are unable to interact with those outside of it, including those in other containers, but un-contained processes have no problem reaching "into" a container.

CBHacking
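The "same kernel, two views of one process" point in the answer can be checked from the host without entering the container: the kernel exposes the host PID and the in-namespace PID together in /proc/<pid>/status (the NSpid line), and Docker's cgroup path carries the container id. The following is an added example, not code from the question or answer; the /proc excerpts and the 64-hex container id are constructed placeholders, and the Docker cgroup path patterns assumed are the systemd (`docker-<id>.scope`) and cgroupfs (`/docker/<id>`) forms.

```python
"""Map a host-visible PID to its in-container view (added example).

Parses the NSpid line of /proc/<pid>/status, which lists the process's PID
in each nested PID namespace from the host inward, and /proc/<pid>/cgroup,
whose path contains the container id on Docker hosts.  All sample text
below is constructed, not captured from a real host.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

CONTAINER_ID = "0123456789abcdef" * 4  # constructed placeholder, 64 hex chars

# Constructed /proc/<pid>/status excerpt for a qemu process in a container:
# host PID 4242, but PID 7 as seen by `ps` inside the container.
SAMPLE_STATUS = "Name:\tqemu-system-x86\nState:\tS (sleeping)\nPid:\t4242\nPPid:\t4200\nNSpid:\t4242\t7\n"

# Constructed cgroup v2 line as written by Docker with the systemd driver.
SAMPLE_CGROUP = f"0::/system.slice/docker-{CONTAINER_ID}.scope\n"

# Matches both the systemd form (docker-<id>.scope) and the cgroupfs form (/docker/<id>).
_CONTAINER_RE = re.compile(r"(?:docker-|/docker/)([0-9a-f]{64})")


@dataclass
class ProcView:
    name: str
    host_pid: int
    ns_pids: List[int]  # PID at each namespace level, outermost (host) first
    container_id: Optional[str]

    @property
    def in_container(self) -> bool:
        # More than one NSpid entry means the process lives in a nested PID namespace.
        return len(self.ns_pids) > 1

    @property
    def container_pid(self) -> int:
        # Innermost namespace: what `ps` inside the container reports.
        return self.ns_pids[-1]


def parse_proc_view(status_text: str, cgroup_text: str) -> ProcView:
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    # Kernels before NSpid existed only have Pid; fall back to it.
    ns_pids = [int(p) for p in fields.get("NSpid", fields["Pid"]).split()]
    match = _CONTAINER_RE.search(cgroup_text)
    return ProcView(fields["Name"], int(fields["Pid"]), ns_pids, match.group(1) if match else None)


if __name__ == "__main__":
    view = parse_proc_view(SAMPLE_STATUS, SAMPLE_CGROUP)
    print(f"{view.name}: host pid {view.host_pid}, container pid {view.container_pid}, "
          f"container {view.container_id[:12] if view.container_id else 'none'}")
```

On a live host the same function can be fed open(f"/proc/{pid}/status").read() and open(f"/proc/{pid}/cgroup").read() for a PID taken from ps aux, which is how an operator confirms which container a process belongs to before deciding whether killing it from the host is appropriate.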