Linux namespaces
Introduction
A namespace is a Linux kernel feature that wraps a set of system resources. The goal of namespaces is to create an isolated world for one or more processes: processes inside a namespace can see only the resources within it. Namespaces are an important building block for creating containers. systemd uses them to sandbox applications, which typically increases the security of the related service.
Types of namespaces
Namespace | Short name | Kernel identifier | Description |
---|---|---|---|
Cgroup | cgroup | CLONE_NEWCGROUP | Control group root directory |
IPC | ipc | CLONE_NEWIPC | Process communication, such as System V IPC, POSIX message queues, semaphores |
Network | net | CLONE_NEWNET | Network devices, network stack, ports |
Mount | mnt | CLONE_NEWNS | Mount points |
PID | pid | CLONE_NEWPID | Process IDs |
Time | time | CLONE_NEWTIME | Boot and monotonic clocks |
User | user | CLONE_NEWUSER | User and group IDs (like in /etc/passwd) |
UTS | uts | CLONE_NEWUTS | Hostname of system and NIS domain name |
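Each short name in the table is also the name of a symbolic link under /proc/<pid>/ns/, and the link target (for example `net:[4026531992]`) identifies the namespace instance the process belongs to. The script below is an added example, not part of the original page; `PROC_ROOT`, `ns_id` and `ns_diff` are names chosen for this example. It reports the namespace types in which two processes differ, which is a quick way to check how far a service is actually sandboxed.

```shell
#!/bin/sh
# Added example: compare the namespace membership of two processes.
# PROC_ROOT is an assumption of this example so the logic can be pointed
# at a constructed directory tree; it defaults to the real /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Short names from the table; each one is an entry under /proc/<pid>/ns/.
NS_TYPES="cgroup ipc mnt net pid time user uts"

# ns_id PID TYPE: print the link target, e.g. "net:[4026531992]".
# Fails quietly when the entry is missing or not readable.
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null
}

# ns_diff PID_A PID_B: print the namespace types in which the two
# processes differ. A trailing "?" marks a type that could not be read
# for at least one process (older kernel without that namespace type,
# or insufficient permission to inspect the process).
ns_diff() {
    out=""
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$t") || a=""
        b=$(ns_id "$2" "$t") || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            out="$out $t?"
        elif [ "$a" != "$b" ]; then
            out="$out $t"
        fi
    done
    echo "${out# }"
}

# When run with two PIDs, compare them, e.g.: sh nsdiff.sh 1 4242
if [ "$#" -eq 2 ]; then
    ns_diff "$1" "$2"
fi
```

An empty result means both processes share every namespace type and the second process has no namespace-based isolation from the first.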
Tools related to namespaces
The following tools can be useful to learn more about namespaces, view information about them, or perform related tasks.