Essam Hassan
A pragmatic software engineer, cyber security enthusiast and a Linux geek. I curse at my machine on a daily basis at Google. My views are my own.

wtf series - wtf is Linux namespaces?


Let's start by running man namespaces

Name:
namespaces - overview of Linux namespaces
Description:
A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes. One use of namespaces is to implement containers.

So wtf are namespaces?

Namespaces (ns for short) are a Linux kernel feature that gives a group of processes a logical view of a system resource that differs from the physical resources the host actually has. This is the core idea behind containers such as Docker, rkt and LXC: a container is not a separate kernel, it is a set of ordinary processes that the kernel shows a different, narrower view of the system to.

A simple idea of how namespaces work can be derived backward from their applications. Take a Docker container that runs a Node.js server. If you run docker exec -it <container name> /bin/bash and then ps aux, you'll find the processes inside the container have PIDs like 1, 2 and 3, numbers that are already taken when you run ps aux in a terminal on the host. This is possible because of one of the Linux namespaces, the PID namespace. It isolates the process ID number space, so two processes on the same host can have the same PID if they are in different PID namespaces. The mapping is one-way: the Node.js process that sees itself as PID 1 still has an ordinary, distinct PID in the host's (parent) PID namespace, and the host can see and signal it, while the container cannot see or signal anything outside its own namespace.
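To see the two views of one process side by side, here is an added example (not code from the original post) that reads the "NSpid:" line of /proc/<pid>/status, which lists a process's PID in every PID namespace from the reader's own outward to the innermost, and compares the /proc/<pid>/ns/pid identity links of two processes to decide whether they share a PID namespace. It assumes Linux with procfs (NSpid needs kernel 4.1 or later); the sample status text in the usage note below is constructed for illustration.

```c
// Added example: inspect the PID-namespace view of a process via /proc.
// Assumes Linux with procfs; the NSpid line needs kernel >= 4.1.
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Parse the "NSpid:" line of a /proc/<pid>/status text into out[].
 * The first number is the PID as seen from the reader's namespace, the last
 * is the PID the process sees itself under (1 for a container's init).
 * Returns the number of PIDs found, 0 if the line is absent. */
int parse_nspid(const char *status_text, pid_t *out, int max)
{
    const char *line = status_text;
    while (line && *line) {
        if (strncmp(line, "NSpid:", 6) == 0) {
            const char *p = line + 6;
            int n = 0;
            while (n < max) {
                while (*p == ' ' || *p == '\t') p++;   /* stay on this line */
                if (*p == '\n' || *p == '\0') break;
                char *end;
                long v = strtol(p, &end, 10);
                if (end == p) break;
                out[n++] = (pid_t)v;
                p = end;
            }
            return n;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Read the namespace identity link /proc/<pid>/ns/<ns>, e.g. "pid:[4026531836]".
 * Returns 0 on success, -1 on failure (no such pid, or no permission: reading
 * another user's process needs ptrace read access to it). */
int read_ns_id(pid_t pid, const char *ns, char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", (long)pid, ns);
    ssize_t n = readlink(path, buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Two processes are in the same namespace iff their ns links are identical.
 * Returns 1 if same, 0 if different, -1 if either link could not be read. */
int same_namespace(pid_t a, pid_t b, const char *ns)
{
    char ia[64], ib[64];
    if (read_ns_id(a, ns, ia, sizeof ia) < 0) return -1;
    if (read_ns_id(b, ns, ib, sizeof ib) < 0) return -1;
    return strcmp(ia, ib) == 0;
}

/* Read /proc/<pid>/status into a malloc'd buffer (caller frees); NULL on error. */
char *read_status(pid_t pid)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    char *buf = malloc(8192);
    if (!buf) { fclose(f); return NULL; }
    size_t n = fread(buf, 1, 8191, f);
    buf[n] = '\0';
    fclose(f);
    return buf;
}

int main(int argc, char **argv)
{
    /* Usage: ./nspid [pid]; with no argument it inspects itself. */
    pid_t pid = argc > 1 ? (pid_t)atol(argv[1]) : getpid();
    char *status = read_status(pid);
    if (!status) { perror("status"); return 1; }
    pid_t ids[16];
    int n = parse_nspid(status, ids, 16);
    free(status);
    printf("pid %ld as seen from each PID namespace (outermost first):", (long)pid);
    for (int i = 0; i < n; i++) printf(" %ld", (long)ids[i]);
    printf("\n");
    char id[64];
    if (read_ns_id(pid, "pid", id, sizeof id) == 0) printf("pid namespace: %s\n", id);
    printf("shares my pid namespace: %d\n", same_namespace(pid, getpid(), "pid"));
    return 0;
}
```

Run it from the host as root against a container's init, for example ./nspid $(docker inspect -f '{{.State.Pid}}' <container name>): a constructed status line such as "NSpid:\t4242\t1" means the host knows the process as 4242 while the container knows it as 1, and the ns link will differ from your shell's. Run inside the container, the same process reports only the inner PID, because a process cannot see the namespaces above it.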

This concept of resource isolation is really important in containers. Imagine running two containers on a host machine without it. ContainerA could simply kill -9 $PID a process belonging to ContainerB, because the target PID would be visible to it, or unmount a filesystem that ContainerC depends on. BONUS: MNT namespace.

It's worth noting that namespaces don't limit resource usage; they only control which resources a process can see and name. A process in its own PID namespace can still eat all the host's CPU and memory. BONUS#2: Wtf is cgroups?

7 namespaces of Ice and Fire

  1. MNT - isolate filesystem mount points
  2. UTS - isolate hostname and NIS domain name
  3. IPC - isolate interprocess communication (IPC) resources: System V IPC objects and POSIX message queues
  4. PID - isolate the PID number space
  5. NET - isolate the network stack: interfaces, IP addresses, routing tables, port numbers and firewall rules
  6. USER - isolate UID/GID number spaces and capabilities (an unprivileged user can be root inside a user namespace without being root on the host)
  7. Cgroup - isolate the cgroup root directory
These are the seven listed in man namespaces at the time of writing; kernels from 5.6 on add an eighth, the time namespace, which isolates the boot-time and monotonic clocks.
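The list above maps one-to-one onto the kernel's clone(2)/unshare(2) flags and the entries under /proc/<pid>/ns. The following added example (not code from the original post) carries that mapping and demonstrates the UTS namespace: a child process unshares into a fresh user namespace plus UTS namespace, changes the hostname there, and the parent shows its hostname is untouched. It assumes Linux; the user namespace is created first so that an unprivileged caller gets the CAP_SYS_ADMIN needed for CLONE_NEWUTS and sethostname(). Where unprivileged user namespaces are disabled or the unshare syscall is blocked by seccomp (Docker's default profile does this), the demo reports "unavailable" instead of failing; the hostname "inside-ns" is an arbitrary constructed value.

```c
// Added example: the seven namespaces as the kernel names them, plus a
// UTS-namespace isolation demo. Assumes Linux. Creating namespaces
// unprivileged needs user namespaces enabled and unshare(2) not blocked by
// seccomp; when that is the case demo_uts_isolation() returns 0 ("unavailable").
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#ifndef CLONE_NEWCGROUP
#define CLONE_NEWCGROUP 0x02000000  /* Linux >= 4.6; older headers lack it */
#endif

struct ns_info { const char *name; const char *procname; int clone_flag; const char *isolates; };

/* Same order as the list in the post; procname is the entry under /proc/<pid>/ns. */
static const struct ns_info NAMESPACES[] = {
    { "MNT",    "mnt",    CLONE_NEWNS,     "mount points" },
    { "UTS",    "uts",    CLONE_NEWUTS,    "hostname and NIS domain name" },
    { "IPC",    "ipc",    CLONE_NEWIPC,    "System V IPC and POSIX message queues" },
    { "PID",    "pid",    CLONE_NEWPID,    "process ID number space" },
    { "NET",    "net",    CLONE_NEWNET,    "interfaces, addresses, routes, ports, firewall rules" },
    { "USER",   "user",   CLONE_NEWUSER,   "UID/GID number spaces and capabilities" },
    { "CGROUP", "cgroup", CLONE_NEWCGROUP, "cgroup root directory" },
};

/* Clone/unshare flag for a namespace given its /proc/<pid>/ns name; 0 if unknown. */
int ns_flag(const char *procname)
{
    for (size_t i = 0; i < sizeof NAMESPACES / sizeof NAMESPACES[0]; i++)
        if (strcmp(NAMESPACES[i].procname, procname) == 0)
            return NAMESPACES[i].clone_flag;
    return 0;
}

struct report { int rc; char hostname[256]; };   /* sent child -> parent over a pipe */

/* Fork a child that enters a new user+UTS namespace and sets the hostname there.
 * child_sees / parent_sees receive the hostname each side observes afterwards.
 * Returns 1 if isolation was demonstrated, 0 if the kernel or sandbox refused
 * to create the namespaces, -1 on any other error. */
int demo_uts_isolation(const char *newname, char *child_sees, char *parent_sees, size_t len)
{
    int fd[2];
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct report r = { -1, "" };
        close(fd[0]);
        /* User namespace first: inside it the child holds CAP_SYS_ADMIN, which
         * CLONE_NEWUTS and sethostname() require. Only the new UTS ns changes. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWUTS) < 0 ||
            sethostname(newname, strlen(newname)) < 0) {
            r.rc = (errno == EPERM || errno == EINVAL || errno == ENOSYS || errno == EACCES) ? 0 : -1;
        } else {
            r.rc = 1;
            gethostname(r.hostname, sizeof r.hostname - 1);
        }
        (void)write(fd[1], &r, sizeof r);   /* one write < PIPE_BUF: atomic */
        _exit(0);
    }
    struct report r = { -1, "" };
    close(fd[1]);
    ssize_t got = read(fd[0], &r, sizeof r);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (got != (ssize_t)sizeof r) return -1;
    snprintf(child_sees, len, "%s", r.hostname);
    if (gethostname(parent_sees, len) < 0) return -1;   /* parent never changed */
    return r.rc;
}

int main(void)
{
    for (size_t i = 0; i < sizeof NAMESPACES / sizeof NAMESPACES[0]; i++)
        printf("%-7s /proc/<pid>/ns/%-7s flag 0x%08x  isolates %s\n", NAMESPACES[i].name,
               NAMESPACES[i].procname, NAMESPACES[i].clone_flag, NAMESPACES[i].isolates);
    char child[256], parent[256];
    int rc = demo_uts_isolation("inside-ns", child, parent, sizeof child);   /* constructed name */
    if (rc == 1)
        printf("child sees hostname '%s', parent still sees '%s'\n", child, parent);
    else if (rc == 0)
        printf("namespace creation unavailable here (userns disabled or unshare blocked by seccomp)\n");
    else
        perror("demo_uts_isolation");
    return rc < 0;
}
```

The same pattern with CLONE_NEWPID would need a fork after the unshare (the calling process itself stays in its old PID namespace; only its children land in the new one), and with CLONE_NEWNS a private /proc mount, which is exactly what unshare --pid --fork --mount-proc does on the command line.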