docker namespace
There are different types of namespaces and each one of them isolates applications from each other. They are created using the clone system call. One can also attach to existing namespaces.
- The pid namespace allows each container to have its own process
numbering. Each pid forms its own process hierarchy. A parent
namespace can see the children namespaces and affect them, but a
child can neither see the parent namespace nor affect it. - The net namespace allows us to have different network interfaces on
each container, like port. Each net namespace has its own routing
table and firewall rules. - ipc namespace sepratate IPC (Inter Process Communication) between
different container's process; - with mnt namespace, a container can have its own set of mounted
filesystems and root directories, enhenance chroot. - With uts namespace, we can have different hostnames for each
container. - With user namespace support, we can have users who have a nonzero ID
on the host but can have a zero ID inside the container.
There are ways to share namespaces between the host and container and container and container.
摘自book: docker cookbook, 第一章 introduction and Installation, 第一节 Introduction