Understanding Docker security I – kernel namespaces
A namespace provides a wrapper around a global system resource of the kernel and makes the resource appear to the process within the namespace as if they have an isolated instance. Global resource changes are visible to processes in the same namespace but invisible to others. Containers are considered an excellent implementation of a kernel namespace.
The following namespaces are implemented by Docker:
- pid namespace: Used for process isolation (PID—Process ID)
- net namespace: Used for managing network interfaces (NET—Networking)
- ipc namespace: Used for managing access to IPC resources (IPC—Inter Process Communication)
- mnt namespace: Used for managing mount points (MNT—Mount)
- uts namespace: Used for ...