👉 Overview
👀 What ?
Linux namespaces are a feature of the Linux kernel that isolates and partitions system resources, such as process IDs, networking, and user IDs, among other things, between groups of processes, or 'namespaces'. This allows for a certain degree of isolation between applications, enhancing both security and system organization.
🧐 Why ?
Linux namespaces are a fundamental building block for container technologies like Docker, providing the necessary isolation that makes containers secure and independent units of software deployment. They are crucial for maintaining the stability of the Linux system, preventing processes and users from interfering with each other, and partitioning system resources in a controlled and efficient way.
⛏️ How ?
Using Linux namespaces typically involves system calls like clone(), unshare(), and setns() to create, modify, and switch between namespaces. Namespaces can also be managed with command-line utilities like 'unshare' or 'nsenter'. While powerful, Linux namespaces should be handled with care, as improper usage can lead to system instability or security issues.
⏳ When ?
The concept of namespaces was first introduced in Linux kernel 2.4.19, released in 2002. Over the years, more types of namespaces have been added to provide better isolation and control over system resources.
⚙️ Technical Explanations
Each Linux namespace wraps a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of that resource. For example, the PID namespace provides isolation for the allocation of process identifiers (PIDs), the network namespace provides isolation for network interfaces and routing tables, and so on. When a process is created, it inherits its parent's namespaces, but new namespaces can also be created, and processes can be added to them or moved between them using specific system calls or command-line utilities. Using namespaces, it's possible to create environments that are isolated from each other to varying degrees, which makes them a fundamental technology for creating lightweight containers.