Namespaces in Linux are a feature of the Linux kernel that enables the separation and isolation of resources running on a Linux system. This allows for creating multiple isolated environments within a single Linux instance.
They work by isolating certain aspects of the system, such as the process tree, network interfaces, and file systems, from the host system and from other processes. Each namespace has its own set of resources, and processes running within it cannot see or access resources that belong to other namespaces.
Types of namespaces available in Linux
Here is a list of types of namespaces available in Linux.
- Process: Used to isolate the process ID (PID) number space.
- Mount: Used for isolating filesystem mount points.
- Network: Used for isolating network interfaces.
- User: Used to isolate UID/GID number spaces.
- Cgroup: Used to isolate the cgroup root directory.
- IPC: Used to isolate interprocess communication (IPC) resources.
- UTS: Used to isolate domain name and hostname.
Use cases for namespaces
Let’s discuss some use cases for namespaces.
- Process Isolation: Namespaces are used for process isolation by creating isolated environments for processes, where each environment has its own set of resources separate from other environments.
- Containerization: Linux namespaces act as a building block for containerization. They provide isolation and resource management necessary to create lightweight, self-contained environments for running applications.
- Network Isolation: The Network namespace in Linux is used to isolate the network stack so that containers have their own set of network interfaces and IP addresses and can't access network resources outside their namespace.
- Virtualization: Namespaces can be used to create virtual environments within a single Linux instance, similar to virtual machines. This can be useful for testing and development or running multiple applications on a single system.
Creating and managing namespaces
There are different ways to create namespaces in Linux. Some common commands and system calls include:
- 'unshare' command: This command enables you to create new namespaces or run a command in a new namespace. For instance, 'unshare -p' requests a new PID namespace; because a new PID namespace only applies to children of the calling process, you normally combine it with '-f' (fork) as in 'unshare -pf' so that the command you run becomes PID 1 of the new namespace.
- 'clone' system call: This system call creates a new process and can place it in new namespaces. It takes a 'flags' argument, which is used to specify the namespaces you want to create. For example, passing 'CLONE_NEWPID' in the flags of 'clone()' creates the child in a new PID namespace.
- 'setns' system call: This system call is used to join an existing namespace. It takes a file descriptor referring to an existing namespace (typically opened from '/proc/<pid>/ns/') and the namespace type as arguments. For example, 'setns(fd, CLONE_NEWNS)' joins the existing mount namespace that 'fd' refers to.
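The namespace identities that 'unshare', 'clone' and 'setns' manipulate are visible as symlinks under '/proc/<pid>/ns/'. The following script is an added example, not from the original article: it parses those links and reports which namespace types two processes share, a quick defender-side check that a container or sandbox actually received its own PID, mount and network namespaces rather than the host's. The 'NS_TYPES' list and the comparison with PID 1 are this example's own choices.

```python
"""Added example: inspect which Linux namespaces a process shares with another.

Every process exposes its namespace membership as symlinks under
/proc/<pid>/ns/, e.g. /proc/self/ns/net -> 'net:[4026531840]'. Two processes
are in the same namespace of a given type exactly when the inode numbers
match; this is the identity that unshare(2)/clone(2) create and setns(2) joins.
"""
import os
import re

# Namespace types from the article, named as they appear under /proc/<pid>/ns
NS_TYPES = ("pid", "mnt", "net", "user", "cgroup", "ipc", "uts")

_LINK_RE = re.compile(r"^(?P<type>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> tuple:
    """Parse a readlink() result such as 'net:[4026531840]' into ('net', 4026531840)."""
    m = _LINK_RE.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group("type"), int(m.group("inode"))


def read_namespaces(pid: str = "self") -> dict:
    """Return {type: inode} for a live process (Linux only; needs ptrace-read access)."""
    result = {}
    for name in NS_TYPES:
        try:
            ns_type, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{name}"))
        except OSError:
            continue  # type not supported by this kernel, or process not inspectable
        result[ns_type] = inode
    return result


def shared_namespaces(a: dict, b: dict) -> set:
    """Namespace types in which both processes have the same inode, i.e. no isolation."""
    return {t for t in a if t in b and a[t] == b[t]}


if __name__ == "__main__":
    # Inside a properly isolated container this set should not contain pid/mnt/net.
    me = read_namespaces("self")
    init = read_namespaces("1")
    print("namespaces shared with PID 1:", sorted(shared_namespaces(me, init)))
```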
Namespaces are fundamental building blocks for creating containers and modern applications. Understanding how they operate is crucial as we transition applications to more advanced architectures. Namespaces isolate system resources and establish the boundaries within which processes can see and use those resources. It's worth noting that they are not limited to containers: the Linux kernel exposes namespaces through built-in interfaces, which allows other types of applications to use them for separation and resource management.