An introduction to Linux namespaces
Namespaces are a mechanism for wrapping a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the resource. By now, Linux has six different namespaces--UTS, mount, network, IPC, PID, and user--that each wrap a distinct set of global resources.
In this tutorial, we'll outline the resources wrapped by each of the namespaces, and investigate topics such as namespace creation, the system call API and /proc files used with namespaces, and command-line tools for working with namespaces.
We'll also look more deeply at user namespaces, one of the more complex and interesting namespaces, whose implementation was (more or less) completed in Linux 3.8. We'll investigate various details of working with user namespaces, such as UID and GID mappings, the interaction of user namespaces with capabilities and set-user-ID programs, and interactions with the other types of namespaces. User namespaces are especially interesting because they provide applications with access to functionality that was formerly limited to root, and we'll consider some examples of new applications that user namespaces make possible.
Michael Kerrisk is the author of the acclaimed book, "The Linux Programming Interface" (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space interfaces. In Auckland, he will be celebrating having recently passed 10 years as the maintainer of the Linux man-pages project (http://www.kernel.org/doc/man-pages/). Michael is a New Zealander, working as a trainer and consultant in Munich, Germany.