Understanding Docker security I – kernel namespaces

A namespace wraps a global system resource of the kernel and makes that resource appear to the processes inside the namespace as if they had their own isolated instance of it. Changes to the global resource are visible to processes in the same namespace but invisible to all others. Containers are considered an excellent application of kernel namespaces.

Docker makes use of the following kernel namespaces:

  • pid namespace: Used for process isolation (PID: Process ID)
  • net namespace: Used for managing network interfaces (NET: Networking)
  • ipc namespace: Used for managing access to IPC resources (IPC: Inter-Process Communication)
  • mnt namespace: Used for managing mount points (MNT: Mount)
  • uts namespace: Used for ...
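The kernel exposes each of these namespaces as a symlink under /proc/<pid>/ns/, whose target (for example "pid:[4026531836]") carries the namespace's inode; two processes are in the same namespace exactly when the inodes match. The script below is an added example, not code from the original article, that reads those links and reports, per namespace, whether two processes share it. Run on the host with a container's PID as the argument, every row should read "isolated"; a "shared" pid or net row means the container was started in the host's namespace (for instance with --pid=host or --net=host). The constructed dictionaries in the usage note are sample data, not real inode numbers.

```python
"""Inspect which kernel namespaces a process lives in, via /proc/<pid>/ns/.

Added example, not code from the original article. The kernel exposes one
symlink per namespace under /proc/<pid>/ns/; a link target such as
"pid:[4026531836]" carries the namespace's inode number, and two processes
are in the same namespace exactly when those inodes match.
"""
import os
import re
from typing import Dict, Optional, Set, Tuple

# The namespaces the article lists as used by Docker.
DOCKER_NAMESPACES = ("pid", "net", "ipc", "mnt", "uts")

_LINK_RE = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> Tuple[str, int]:
    """Parse a /proc/<pid>/ns/* link target such as 'mnt:[4026531840]'."""
    m = _LINK_RE.match(target)
    if not m:
        raise ValueError(f"unexpected namespace link format: {target!r}")
    return m.group("kind"), int(m.group("inode"))


def namespace_ids(pid: str = "self") -> Dict[str, int]:
    """Return {namespace name: inode} for `pid` (a PID string or 'self').

    Links that are missing (old kernel) or unreadable (another user's
    process without ptrace access) are omitted, so an absent key means
    "unknown", not "different".
    """
    ids: Dict[str, int] = {}
    for name in DOCKER_NAMESPACES:
        try:
            target = os.readlink(f"/proc/{pid}/ns/{name}")
        except (FileNotFoundError, PermissionError):
            continue
        _, inode = parse_ns_link(target)
        ids[name] = inode
    return ids


def compare_ids(a: Dict[str, int], b: Dict[str, int]) -> Dict[str, Optional[bool]]:
    """Per namespace: True if both share it, False if they differ, None if unknown."""
    return {
        name: (a[name] == b[name]) if name in a and name in b else None
        for name in DOCKER_NAMESPACES
    }


def compare_namespaces(pid_a: str, pid_b: str) -> Dict[str, Optional[bool]]:
    """Live comparison of two processes on this machine."""
    return compare_ids(namespace_ids(pid_a), namespace_ids(pid_b))


def shared_namespaces(pid_a: str, pid_b: str) -> Set[str]:
    """Names of the namespaces two processes demonstrably share."""
    return {n for n, same in compare_namespaces(pid_a, pid_b).items() if same}


if __name__ == "__main__":
    import sys
    # On the host: python3 ns_check.py "$(docker inspect -f '{{.State.Pid}}' <container>)"
    # Without an argument the script compares itself against PID 1.
    other = sys.argv[1] if len(sys.argv) > 1 else "1"
    for name, same in compare_namespaces("self", other).items():
        state = {True: "shared", False: "isolated", None: "unknown"}[same]
        print(f"{name:4s} {state}")
```

Reading another user's /proc/<pid>/ns/ links needs ptrace access to that process, so run the check as root (or the container's owner) to avoid "unknown" rows; an "unknown" result is deliberately kept distinct from "isolated" so that a permission problem is never mistaken for a passing check.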

