👉 Overview
👀 What ?
A Linux mount namespace is a kernel feature that gives processes their own isolated view of the filesystem. Processes in different mount namespaces can see different filesystem hierarchies, with different mount points and mount options.
🧐 Why ?
The Linux Mount Namespace is crucial in providing process isolation, a key component of system security and stability. By isolating processes' views of the filesystem, it prevents processes from interfering with each other's files and directories, enhancing system stability and security. It is also important for containerization technologies, such as Docker, where each container needs its own isolated filesystem.
⛏️ How ?
To use a mount namespace, create one with the 'unshare' command and then manipulate the filesystem inside it with the 'mount' command. For example, run 'unshare -m' to create the namespace; this starts a shell inside the new namespace. From that shell, run 'mount /dev/sda1 /mnt' to mount the filesystem. The mount is then part of the new namespace's view rather than the view of the shell you started from. Note that you need root privileges to do this.
⏳ When ?
Mount namespaces were introduced in Linux kernel 2.4.19, released in 2002. They have become increasingly important with the rise of containerization technologies in the last decade.
⚙️ Technical Explanations
The Linux Mount Namespace works by associating each process with a 'namespace' object, which contains a 'mount point' data structure for each mount point in the namespace. When a process makes a filesystem-related system call, the kernel uses the process's namespace to determine which mount point to use. This allows for per-process mount points and mount options, and for changes to mount points to be visible only to processes in the same namespace. It also allows for 'bind mounts', where a directory is made visible at another location, and 'overlay mounts', where multiple directories are merged into one.
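Whether a mount change really stays inside one namespace depends on each mount's propagation type, which the kernel reports in the optional fields of /proc/<pid>/mountinfo. The script below is an added example, not code from the original page, and goes beyond the text by covering propagation: it classifies every mount in a mountinfo listing. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify mount propagation from /proc/<pid>/mountinfo text.
# Function names and SAMPLE_MOUNTINFO are constructed for illustration.

# Reads mountinfo lines on stdin; prints "<mountpoint> <propagation> <fstype>".
# Fields 1-6 are fixed; optional fields follow until a lone "-" separator.
mount_propagation() {
    awk '{
        prop = ""
        for (i = 7; i <= NF && $i != "-"; i++) {
            split($i, kv, ":")
            tag = ""
            if (kv[1] == "shared") tag = "shared"          # events reach peer namespaces
            else if (kv[1] == "master") tag = "slave"      # receives events, sends none
            else if (kv[1] == "unbindable") tag = "unbindable"
            if (tag != "") prop = (prop == "" ? tag : prop "," tag)
        }
        if (prop == "") prop = "private"                   # no optional field: isolated
        print $5, prop, $(i + 1)                           # field after "-" is the fs type
    }'
}

# Lists only the mount points whose changes can leave the namespace.
shared_mounts() {
    mount_propagation | awk '("," $2 ",") ~ /,shared,/ { print $1 }'
}

# Constructed sample in mountinfo format (not captured from a real host).
SAMPLE_MOUNTINFO='22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid - proc proc rw
24 22 8:2 / /mnt rw,relatime master:2 - ext4 /dev/sda2 rw
25 22 0:30 / /srv/data rw shared:5 master:2 - tmpfs tmpfs rw
26 22 0:31 / /var/lib/secret rw unbindable - tmpfs tmpfs rw'

# Usage on a live system: mount_propagation < /proc/self/mountinfo
```

A mount listed by shared_mounts sends mount and unmount events to its peer group, so a namespace meant to be isolated should show 'private' or 'slave' for the mounts it relies on.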