{"id":252,"date":"2018-10-31T09:32:00","date_gmt":"2018-10-31T09:32:00","guid":{"rendered":""},"modified":"2019-07-03T13:14:49","modified_gmt":"2019-07-03T13:14:49","slug":"linux-namespaces-part-1","status":"publish","type":"post","link":"https:\/\/opstree.com\/blog\/2018\/10\/31\/linux-namespaces-part-1\/","title":{"rendered":"Linux Namespaces &#8211; Part 1"},"content":{"rendered":"<div dir=\"ltr\" style=\"text-align:left;\">\n<h2 style=\"text-align:left;\">Overview<\/h2>\n<div>First of all I would like to give credit to Docker which motivated me to write this blog, I&#8217;ve been using docker for more then 6 months but I always wondered how things are happening behind the scene. So I started in depth learning of Docker and here I am talking about Namespace which is the core concept used by Docker.<\/p>\n<p>Before talking about Namespaces in Linux, it is very important to know that what namespaces actually is?<\/p>\n<\/div>\n<div><\/div>\n<div>Let&#8217;s take an example, We have two people with the same first name&nbsp;<b>Abhishek Dubey and&nbsp;<\/b><b>Abhishek Rawat&nbsp;<\/b>but we can differentiate them on the basis of their surname <b>Dubey<\/b> and <b>Rawat<\/b>. So you can think surname as a namespace.<\/p>\n<p>In Linux, namespaces are used to provide isolation for objects from other objects. So that anything will happen in namespaces will remain in that particular namespace and doesn&#8217;t affect other objects of other namespaces. For example:- we can have the same type of objects in different namespaces as they are isolated from each other.<\/p>\n<\/div>\n<div><\/div>\n<div>In short, due to isolation, namespaces limits how much we can see.<\/p>\n<p>Now you would be having a good conceptual idea of Namespace let&#8217;s try to understand them in the context of Linux Operating System.<\/p>\n<\/div>\n<h3 style=\"text-align:left;\">Linux Namespaces<\/h3>\n<div>Linux namespace forms a single hierarchy, with all processes and that is <b>init.<\/b>&nbsp;Usually, privileged processes and services can trace or kill other processes. Linux namespaces provide the functionality to have many hierarchies of processes with their own &#8220;subtrees&#8221;, such that, processes in one subtree can&#8217;t access or even know those of another.<\/div>\n<div><\/div>\n<div>A namespace wraps a global system resource (For ex:- PID) using the abstraction that makes it appear to processes within the namespace that they have, using their own isolated instance of the said resource.<\/p>\n<\/div>\n<div>\n<div class=\"separator\" style=\"clear:both;text-align:center;\"><a href=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2018\/10\/0b413-blank2bdiagram2b252842529.png\" style=\"clear:left;float:left;margin-bottom:1em;margin-right:1em;\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" height=\"513\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2018\/10\/0b413-blank2bdiagram2b252842529.png?w=300\" width=\"640\"><\/a><\/div>\n<\/div>\n<div><\/div>\n<div><\/div>\n<div>\n<p>In the above figure, we have a process named <b>1 <\/b>which is the first PID and from <b>1 <\/b>parent process there are new PIDs are generated just like a tree. If you see the <b>6th <\/b>PID in which we are creating a subtree, there actually we are creating a different namespace. In the new namespace, <b>6th <\/b>PID will be its&nbsp;<b>first and parent <\/b>PID. So the child processes of <b>6th <\/b>PID cannot see the parent process or namespace but the <b>parent process <\/b>can see the child <b>PIDs <\/b>of the subtree.<\/p>\n<\/div>\n<div><\/div>\n<div>Let&#8217;s take PID namespace as an example to understand it more clearly. Without namespace, all processes descend(move downwards) hierarchically from <b>First PID <\/b>i.e. <b>init.<\/b>&nbsp;If we create PID namespace and run a process in it, the process becomes the <b>First PID <\/b>in that <b>namespace. <\/b>In this case, we wrap a global system resource(<b>PID<\/b>). The process that creates the namespace still remains in the parent namespace but makes it child for the root of the new process tree.<\/div>\n<div><\/div>\n<div>This means that the processes within the new namespace cannot see the parent process but the parent process can see the child namespace process.&nbsp;<\/div>\n<div>I hope you have got a clear understanding of Namespaces concepts &amp; what purpose they serve in a Linux OS. The next blog of this series will talk about how we use namespace to restrict usage of system resources such as network, mounts, cgroups&#8230;<\/div>\n<div>\n<ol style=\"text-align:left;\"><\/ol>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview First of all I would like to give credit to Docker which motivated me to write this blog, I&#8217;ve been using docker for more then 6 months but I always wondered how things are happening behind the scene. So I started in depth learning of Docker and here I am talking about Namespace which &hellip; <a href=\"https:\/\/opstree.com\/blog\/2018\/10\/31\/linux-namespaces-part-1\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Linux Namespaces &#8211; Part 1&#8221;<\/span><\/a><\/p>\n","protected":false},"author":89038429,"featured_media":29900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[768739308,768739305,768739285,2593229],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/DevSecOps-1.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfDBOm-44","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/252"}],"collection":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/89038429"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=252"}],"version-history":[{"count":2,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/252\/revisions"}],"predecessor-version":[{"id":681,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/252\/revisions\/681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29900"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}