Namespace

Definition

Namespace

A namespace is a Linux kernel abstraction that wraps a global system resource so that processes inside the namespace see an isolated instance of that resource.

Changes made to the resource are visible to other processes in the same namespace but are invisible to processes outside it.

Namespaces are the foundation of Linux OS-level virtualisation and were introduced in 2008.

Types

Namespace types

Type Isolated resource Example
mnt file system mount points each container has its own /tmp or /var
pid process IDs each container has its own init (PID 1) and /proc
net network interfaces, routing, firewall each container has its own loopback device
ipc inter-process communication two containers can create shared memory with the same name
uts hostname and domain name each container has its own hostname
cgroup control group view processes in a container cannot see host cgroup directories
user user and group IDs, capabilities root inside a container may be an unprivileged user outside

Type	Isolated resource	Example
`mnt`	file system mount points	each container has its own `/tmp` or `/var`
`pid`	process IDs	each container has its own `init` (PID 1) and `/proc`
`net`	network interfaces, routing, firewall	each container has its own loopback device
`ipc`	inter-process communication	two containers can create shared memory with the same name
`uts`	hostname and domain name	each container has its own hostname
`cgroup`	control group view	processes in a container cannot see host cgroup directories
`user`	user and group IDs, capabilities	`root` inside a container may be an unprivileged user outside

Creating namespaces

The unshare command can create a new namespace and run a program inside it.

Lukas' Notes

Namespace

Table of Contents

Definition

Types

Backlinks