
The failure of userland tools (such as lsof) to correctly work with containers is unfortunate, but this is partly an artifact of the Linux kernel's somewhat ramshackle approach to containerization.

The kernel doesn't have a concept of containers, but rather of kernel namespaces. For example, it's possible for a process to create a new namespace that is the same as that of a default process, except with a new file system namespace — i.e., a chroot.

Hopefully we'll see these tools updated to better understand kernel namespaces. In the meantime, if you need to interact with containers, use the nsenter [1] tool. For example, it allows you to enter the same PID namespace as the container, but still use the host file system.

For example, to run lsof against a container's PID 1 (corresponding to the host PID 1234):

$ nsenter -t 1234 -p lsof -p 1

[1] http://man7.org/linux/man-pages/man1/nsenter.1.html
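Added example, not part of the comment above: a "container" seen from the host is only a process whose entries under /proc/<pid>/ns differ from those of PID 1, and this sketch lists which namespaces differ and builds an nsenter command line that joins just the ones selected. The function names, the temporary sample tree and its inode numbers are constructed for illustration; on a real host, call the functions with the default proc_root.

```python
import os
import tempfile

# nsenter(1) flag for each namespace type listed under /proc/<pid>/ns
NSENTER_FLAG = {"mnt": "-m", "uts": "-u", "ipc": "-i", "net": "-n",
                "pid": "-p", "user": "-U", "cgroup": "-C"}

def ns_ids(pid, proc_root="/proc"):
    """Map namespace type -> identifier such as 'pid:[4026531836]'."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    ids = {}
    for name in sorted(os.listdir(ns_dir)):
        try:
            ids[name] = os.readlink(os.path.join(ns_dir, name))
        except OSError:          # no permission, or process exited mid-scan
            ids[name] = None
    return ids

def differing_namespaces(pid, ref_pid=1, proc_root="/proc"):
    """Namespace types in which pid is NOT in the same namespace as ref_pid."""
    mine, ref = ns_ids(pid, proc_root), ns_ids(ref_pid, proc_root)
    return [n for n in mine
            if mine[n] is not None and ref.get(n) is not None and mine[n] != ref[n]]

def nsenter_command(pid, namespaces, tool):
    """Build an nsenter argv that joins only the selected namespaces of pid."""
    flags = [NSENTER_FLAG[n] for n in namespaces if n in NSENTER_FLAG]
    return ["nsenter", "-t", str(pid)] + flags + ["--"] + list(tool)

def build_sample_proc(root):
    """Constructed sample: host PID 1 and a 'container' process, PID 1234."""
    host = {"mnt": 4026531840, "pid": 4026531836, "net": 4026531992, "uts": 4026531838}
    cont = dict(host, mnt=4026532201, pid=4026532204, net=4026532207)
    for pid, table in ((1, host), (1234, cont)):
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for name, inode in table.items():
            os.symlink(f"{name}:[{inode}]", os.path.join(ns_dir, name))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        diff = differing_namespaces(1234, proc_root=root)
        print("differs from PID 1 in:", diff)
        print(" ".join(nsenter_command(1234, ["pid"], ["lsof", "-p", "1"])))
```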


