I have created a container with the "systemd-nspawn" command. Inside that container, with the "route" command I could get the IP address of the default gateway and could ping it. Now, "ps -ecf" in the host system (outside the container) shows the "ping" process.
The man page of "systemd-nspawn" says it virtualises the process tree, the various IPC subsystems and the host and domain name.
My doubt is: if "systemd-nspawn" virtualises the process tree, why am I seeing the "ping" process in "ps -ecf" outside the container?
I could also observe this in the reverse case, i.e. "ping" from the host and "ps -ecf" inside the container.
Logs:
1) Create container and ping:
The directory chroot in the command below has a Debian image obtained from "debootstrap".
root@vig-debian:/home/vignesh/docker_tutorials# systemd-nspawn -D chroot
Spawning container chroot on /home/vignesh/docker_tutorials/chroot.
Press ^] three times within 1s to kill container.
/etc/localtime is not a symlink, not updating container timezone.
root@chroot:~#
root@chroot:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.2.2        0.0.0.0         UG    1024   0        0 eth0
10.0.2.2        *               255.255.255.255 UH    1024   0        0 eth0
10.12.4.0       *               255.255.255.0   U     0      0        0 eth0
root@chroot:~# ping 10.0.2.2
PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data.
64 bytes from 10.0.2.2: icmp_seq=1 ttl=63 time=0.322 ms
64 bytes from 10.0.2.2: icmp_seq=2 ttl=63 time=0.440 ms
2) "ps" in host:
root@vig-debian:/home/vignesh/docker_tutorials# ps -ecf | grep "ping"
root 3460 3452 TS 19 16:49 pts/1 00:00:00 ping 10.0.2.2
root 3462 2493 TS 19 16:49 pts/2 00:00:00 grep ping
root@vig-debian:/home/vignesh/docker_tutorials#
root@vig-debian:/home/vignesh/docker_tutorials# machinectl
MACHINE CONTAINER SERVICE
chroot container nspawn
1 machines listed.
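
A host-side check for the observation above, added here as an example and not part of the original post. Linux PID namespaces are hierarchical, so a process in a child namespace also has a PID in every ancestor namespace; the sketch reads the NSpid field of /proc/<pid>/status (present on Linux 4.1 and later) and the /proc/<pid>/ns/pid link to report whether a PID seen on the host belongs to another PID namespace. The function names, the in-container PID 12 and the namespace inode 4026532201 are constructed for illustration; 3460 and 3452 are taken from the ps output in the post.

```python
#!/usr/bin/env python3
"""Report which PID namespace a process lives in (added example)."""
import os
import re
import sys

def parse_nspid(status_text):
    """PIDs from the NSpid line: outermost (procfs mount's namespace) first,
    the process's own namespace last. Empty list if the field is absent."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []

def ns_inode(link_target):
    """Extract the inode number from a link target such as 'pid:[4026531836]'."""
    m = re.fullmatch(r"pid:\[(\d+)\]", link_target.strip())
    if not m:
        raise ValueError(f"not a pid namespace link: {link_target!r}")
    return int(m.group(1))

def describe(status_text, target_ns_link, own_ns_link):
    """Compare a process's PID namespace with the observer's."""
    pids = parse_nspid(status_text)
    return {
        "pid_here": pids[0] if pids else None,     # PID as the observer sees it
        "pid_inside": pids[-1] if pids else None,  # PID in its own namespace
        "depth": len(pids),                        # 1 = not nested
        "other_pid_namespace": ns_inode(target_ns_link) != ns_inode(own_ns_link),
    }

def inspect_live(pid, proc="/proc"):
    """Run the check against a live system (needs root for other users' PIDs)."""
    with open(f"{proc}/{pid}/status") as fh:
        status = fh.read()
    return describe(status, os.readlink(f"{proc}/{pid}/ns/pid"),
                    os.readlink(f"{proc}/self/ns/pid"))

# Constructed sample: the host view of a ping started inside a container.
SAMPLE_STATUS = "Name:\tping\nPid:\t3460\nPPid:\t3452\nNSpid:\t3460\t12\n"
SAMPLE_TARGET_NS = "pid:[4026532201]"  # constructed inode of the container's namespace
SAMPLE_HOST_NS = "pid:[4026531836]"    # initial PID namespace inode

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for pid in sys.argv[1:]:
            print(pid, inspect_live(pid))
    else:
        print(describe(SAMPLE_STATUS, SAMPLE_TARGET_NS, SAMPLE_HOST_NS))
```

Run it on the host with one or more PIDs as arguments to inspect live processes; with no arguments it evaluates the constructed sample.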