Linux namespaces
- There are 7 namespaces. At any point in time, there can be multiple instances of each namespace.
- A process belongs to one, and only one, instance of every namespace. It can also move from one instance of a given namespace to another.
- This means that 2 processes can share an instance of one namespace while being in different instances of another.
- Virtual machines, running on a hypervisor, run an independent kernel. They therefore provide all-or-nothing isolation. Namespaces, on the other hand, provide lightweight isolation: for example, you can isolate 2 processes on just one namespace.
- List of namespaces:
  - Mount:
    - It allows you to mount a device to some directory.
    - However, there is a single copy of the underlying device. So, even if the device is mounted at different directories for 2 processes, any change made by one will be visible to the other. If you want to prevent that, then not mounting the device at all is one option.
  - PID: Allows 2 processes in different instances to have the same PIDs.
    - It’s also hierarchical: a process can see the PIDs of all its child processes even if they are created in separate namespace instances, but not vice versa.
    - I didn’t know that PID “1” is special. If killed, the kernel panics and restarts.
  - Network:
    - This is something that I’ve encountered, but not fully understood, before.
    - Helps set up iptables and routing rules, but I need to dig deeper into those.
    - One, rather mundane, use of network namespaces is that you could run multiple web servers on port 80 on the same kernel if they are running in different network namespace instances.
  - UTS: domain name etc.
  - IPC: IIRC, processes in the same instance can communicate with each other through IPC (inter-process communication); otherwise they can’t.
  - Cgroups.
  - User:
    - Helps map user and group IDs in one instance to something else in another.
    - For example, you may be root inside an unprivileged container, but that’s mapped to non-root on the kernel.
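As an added example (not from the original post), here is a small Python inspector for the two points above: it reads the per-process namespace links under `/proc/<pid>/ns/` to show which instances two processes share and which they don't, and parses a user namespace's `uid_map` to show how an in-container root maps to an unprivileged UID outside. The host/container inode values and the `uid_map` line are constructed samples; the `/proc` reader itself only works on Linux.

```python
"""Inspect namespace membership and user-namespace ID mapping via /proc."""
import os
from typing import Dict, List, Optional, Tuple

# The 7 namespaces discussed above, using their /proc/<pid>/ns/ names.
NAMESPACES = ("mnt", "pid", "net", "uts", "ipc", "cgroup", "user")


def parse_ns_link(link: str) -> Tuple[str, int]:
    """'pid:[4026531836]' -> ('pid', 4026531836); the inode identifies the instance."""
    kind, _, rest = link.partition(":[")
    return kind, int(rest.rstrip("]"))


def read_ns_ids(pid) -> Dict[str, int]:
    """Map namespace name -> instance inode for a live process (Linux only)."""
    ids: Dict[str, int] = {}
    for ns in NAMESPACES:
        try:
            ids[ns] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{ns}"))[1]
        except OSError:  # namespace unsupported by this kernel, or no permission
            pass
    return ids


def compare_ns(a: Dict[str, int], b: Dict[str, int]) -> Tuple[List[str], List[str]]:
    """Return (namespaces shared by both processes, namespaces where they differ)."""
    shared = sorted(ns for ns in a if ns in b and a[ns] == b[ns])
    differ = sorted(ns for ns in a if ns in b and a[ns] != b[ns])
    return shared, differ


def parse_uid_map(text: str) -> List[Tuple[int, int, int]]:
    """Each /proc/<pid>/uid_map line is: <inside-start> <outside-start> <count>."""
    return [tuple(int(x) for x in ln.split()) for ln in text.splitlines() if ln.strip()]


def map_uid_out(uid_map: List[Tuple[int, int, int]], inside_uid: int) -> Optional[int]:
    """Translate a UID seen inside the user namespace to the UID outside it."""
    for inside, outside, count in uid_map:
        if inside <= inside_uid < inside + count:
            return outside + (inside_uid - inside)
    return None  # unmapped inside the namespace


# Constructed sample: a container process sharing uts/ipc/cgroup with the host
# but living in its own mnt, pid, net and user namespace instances.
HOST = {"mnt": 4026531840, "pid": 4026531836, "net": 4026531992, "uts": 4026531838,
        "ipc": 4026531839, "cgroup": 4026531835, "user": 4026531837}
CONTAINER = dict(HOST, mnt=4026532601, pid=4026532604, net=4026532607, user=4026532598)
CONTAINER_UID_MAP = "         0     100000      65536\n"  # root inside -> 100000 outside

if __name__ == "__main__":
    print("shared / differing:", compare_ns(HOST, CONTAINER))
    print("uid 0 inside maps to:", map_uid_out(parse_uid_map(CONTAINER_UID_MAP), 0))
    print("this process:", read_ns_ids("self"))
```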