# Linux Namespaces

{% hint style="info" %}
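If the host is a house, then namespaces are the rooms in it. You assign a room to each child; a child can only move around inside that room and use the items in it, and cannot interact with children in other rooms. -- from [KodeKloud](https://www.youtube.com/watch?v=j_UUnlVC2Ss)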
{% endhint %}

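The Linux kernel provides 6 types of namespaces for resource isolation:

* UTS namespace – hostname and domain name
* IPC namespace – blocks communication between processes
* PID namespace – process IDs; every container has a process with `PID=1`, and that process also has a different PID on the host
* Network namespace – allows independent network devices, IP addresses, routes, and ports
* Mount namespace – mount points, i.e. file system isolation
* User namespace – users and user groups

From this we know that resources within the same namespace are shared. Next, let's look at a real system: run `ls -l /proc/$$/ns` to list the namespaces of the current shell.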

```
root@vm:/home/jennifer# ls -l /proc/$$/ns    # host
總計 0
lrwxrwxrwx 1 root root 0  6月 29 14:43 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 ipc -> 'ipc:[4026531839]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 mnt -> 'mnt:[4026531840]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 net -> 'net:[4026531985]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 pid -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 pid_for_children -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 uts -> 'uts:[4026531838]'

root@c4bf14a28bd0:/# ls -l /proc/$$/ns    # container 1, network=bridge
total 0
lrwxrwxrwx 1 root root 0 Jun 29 06:45 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 ipc -> 'ipc:[4026532387]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 mnt -> 'mnt:[4026532385]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 net -> 'net:[4026532390]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 pid -> 'pid:[4026532388]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 pid_for_children -> 'pid:[4026532388]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 uts -> 'uts:[4026532386]'

root@vm:/# ls -l /proc/$$/ns      # container 2, network=host
total 0
lrwxrwxrwx 1 root root 0 Jun 29 14:48 cgroup -> cgroup:[4026531835]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 ipc -> ipc:[4026532383]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 mnt -> mnt:[4026532377]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 net -> net:[4026531985]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 pid -> pid:[4026532384]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 pid_for_children -> pid:[4026532384]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 uts -> uts:[4026532382]
```

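Taking the host as an example, `ipc -> 'ipc:[4026531839]'` means that the host's `ipc namespace` is `4026531839`.

Between the host and container 1, the 5 namespaces `ipc, mnt, net, pid, uts` all differ; only the user namespace is the same.

Between the host and container 2, the 4 namespaces `ipc, mnt, pid, uts` all differ; only the user namespace and the net namespace are the same. The net namespace is also shared because container 2 uses the host's network directly.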
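The same comparison can be scripted: the following is an added example (not part of the original page) that parses the three listings shown above and reports which namespace types each container shares with the host. The function names `ns_ids` and `shared_ns` are this example's own; note that the listings also contain a `cgroup` link, which is outside the six types listed earlier and carries the same ID in all three.

```bash
#!/usr/bin/env bash
# Added example: find which namespaces a container shares with the host.

# Read an `ls -l /proc/<pid>/ns` listing on stdin; print "<type> <id>" per link.
# pid_for_children is skipped: it names the PID namespace for future children.
ns_ids() {
  awk '/->/ && $(NF-2) != "pid_for_children" {
         id = $NF; gsub(/[^0-9]/, "", id); print $(NF-2), id }'
}

# shared_ns HOST_LISTING CONTAINER_LISTING -> sorted, space-separated shared types
shared_ns() {
  local host_ids
  host_ids=$(printf '%s\n' "$1" | ns_ids)
  printf '%s\n' "$2" | ns_ids | while read -r name id; do
    if printf '%s\n' "$host_ids" | grep -qxF "$name $id"; then echo "$name"; fi
  done | sort | paste -sd' ' -
}

# Listings copied from the terminal output shown on this page.
HOST_NS="lrwxrwxrwx 1 root root 0  6月 29 14:43 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 ipc -> 'ipc:[4026531839]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 mnt -> 'mnt:[4026531840]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 net -> 'net:[4026531985]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 pid -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 pid_for_children -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0  6月 29 14:43 uts -> 'uts:[4026531838]'"
BRIDGE_NS="lrwxrwxrwx 1 root root 0 Jun 29 06:45 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 ipc -> 'ipc:[4026532387]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 mnt -> 'mnt:[4026532385]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 net -> 'net:[4026532390]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 pid -> 'pid:[4026532388]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 pid_for_children -> 'pid:[4026532388]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Jun 29 06:45 uts -> 'uts:[4026532386]'"
HOSTNET_NS="lrwxrwxrwx 1 root root 0 Jun 29 14:48 cgroup -> cgroup:[4026531835]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 ipc -> ipc:[4026532383]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 mnt -> mnt:[4026532377]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 net -> net:[4026531985]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 pid -> pid:[4026532384]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 pid_for_children -> pid:[4026532384]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jun 29 14:48 uts -> uts:[4026532382]"

echo "bridge container shares:   $(shared_ns "$HOST_NS" "$BRIDGE_NS")"
echo "host-net container shares: $(shared_ns "$HOST_NS" "$HOSTNET_NS")"
```

Any type that appears in the result is a resource for which the container has no isolation from the host; `net` showing up for container 2 reflects its `network=host` setting.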

### Bonus

Use `hostnamectl` to view information about the host OS:

```
root@vm:/home/jennifer# hostnamectl
   Static hostname: BigData10
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 7de73b8ba8874689ac758936d0f9ce5e
           Boot ID: 66503f1fe9e143a3a37eb27137a5f54b
    Virtualization: microsoft
  Operating System: Ubuntu 18.04.2 LTS
            Kernel: Linux 4.15.0-106-generic
      Architecture: x86-64
```
