Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources and another set of processes sees a different set of resources.
When you’re running many different processes and applications on a single server, as is the case with deployment tools like Kubernetes, it’s important to have each process isolated, mostly for security.
Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to processes outside it. One use of namespaces is to implement containers.
Types of Namespaces
Linux provides several types of namespaces. Each namespace has its own unique properties:
A mount namespace has an independent list of mount points seen by the processes in the namespace. This means that processes running in a separate mount namespace cannot access files outside of their mount points. Very similar to
The UTS namespace enables isolating the system's host and domain name. This allows initialization and configuration scripts to be guided by their respective namespaces.
As the name suggests, the IPC namespace controls whether or not processes can communicate directly with one another. It also provides separation of interprocess communication between hosts and containers.
Process ID namespaces
In Linux, the first processes spawn as children of PID 1, which forms the root of the process tree. The PID namespace cuts off a branch of the PID tree and doesn't allow access further up the branch. Processes in the child namespace actually have multiple PIDs: the first is the global PID used by the main system, and the second is the PID within the child process tree, which restarts from 1.
The network namespace manages which network devices a process can see, and provides abstraction and virtualization of network protocol services and interfaces. Each network namespace has its own network device instances that can be configured with individual network addresses. Isolation is also enabled for other network services: routing tables, port numbers, etc.
The user namespace allows a process to use unique user and group IDs within or outside a namespace. This means that a process can use privileged user and group IDs (zero) within a user namespace and continue with non-zero user and group IDs outside the namespace.
A cgroup namespace virtualizes the contents of the /proc/self/cgroup file. Processes inside it are only able to view paths relative to their namespace root.
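An added example, not part of the original article: a Python check of which of the namespaces above two processes share, done by comparing the symlink targets under /proc/<pid>/ns/, plus a reader for the multiple PIDs of a process in a child PID namespace (the NSpid line of /proc/<pid>/status). HOST, CONTAINER and SAMPLE_STATUS are constructed sample data, and the function names are illustrative.

```python
import os
import re

# The seven namespace types covered above, as named under /proc/<pid>/ns/.
NS_TYPES = ("mnt", "uts", "ipc", "pid", "net", "user", "cgroup")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* symlink target like 'net:[4026531992]'."""
    m = _LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_namespaces(pid):
    """Read live namespace links for pid (needs permission on /proc/<pid>/ns)."""
    links = {}
    for ns in NS_TYPES:
        try:
            links[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            continue  # type not supported by this kernel, or access denied
    return links

def shared_namespaces(links_a, links_b):
    """Namespace types where both processes point at the same kernel object."""
    return [ns for ns in NS_TYPES
            if ns in links_a and ns in links_b
            and parse_ns_link(links_a[ns])[1] == parse_ns_link(links_b[ns])[1]]

def parse_nspid(status_text):
    """PIDs from the NSpid line of /proc/<pid>/status, outermost namespace first."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(p) for p in line.split()[1:]]
    return []

# Constructed sample data (not captured from a real host).
HOST = {ns: f"{ns}:[{4026531835 + i}]" for i, ns in enumerate(NS_TYPES)}
CONTAINER = {ns: f"{ns}:[{4026532400 + i}]" for i, ns in enumerate(NS_TYPES)}
CONTAINER["net"] = HOST["net"]    # e.g. a container started with host networking
CONTAINER["user"] = HOST["user"]  # no user namespace: root inside is root outside
SAMPLE_STATUS = "Name:\tnginx\nPid:\t21734\nNSpid:\t21734\t1\n"

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST, CONTAINER))
    print("PIDs outer->inner:", parse_nspid(SAMPLE_STATUS))
```

On a live system, shared_namespaces(read_namespaces(1), read_namespaces(pid)) lists the namespace types in which a process is not isolated from PID 1.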
So there you have a brief overview of the seven most used namespaces. Hopefully, this will give you a better understanding of what namespaces are and their different types.