Namespace
Docker makes use of kernel namespaces to provide the isolated workspace called the container.
When a container starts, Docker creates a set of namespaces for that container.
PID namespace for process isolation.
NET namespace for managing network interfaces.
IPC namespace for managing access to IPC resources.
MNT namespace for managing filesystem mount points.
UTS namespace for isolating the hostname and domain name identifiers (UTS stands for UNIX Time-Sharing System).
Namespaces in Docker provide isolation and separation of resources between containers and the host system. Docker leverages several Linux kernel namespaces to achieve this isolation. Here are some commonly used namespaces in Docker:
PID Namespace (pid): Each container has its own isolated process ID namespace. This means that processes inside a container have unique process IDs that are separate from the process IDs on the host system. The container’s processes can only see and interact with other processes within the same namespace.
Network Namespace (net): The network namespace allows each container to have its own isolated network stack. This means that each container can have its own network interfaces, IP addresses, routing tables, and firewall rules. Containers can communicate with each other over virtual networks, and they are isolated from the host system’s network.
Mount Namespace (mnt): The mount namespace provides an isolated view of the file system. Each container has its own mount namespace, allowing it to have its own file system mounts and directory tree. This isolation prevents containers from accessing or modifying files outside of their designated file systems.
IPC Namespace (ipc): The IPC namespace provides inter-process communication (IPC) isolation between containers. It ensures that communication mechanisms like shared memory, semaphores, and message queues are isolated between containers. Containers can have their own IPC resources without interfering with other containers or the host system.
UTS Namespace (uts): The UTS namespace allows each container to have its own hostname and domain name. This isolation ensures that containers can have unique identification within a network.
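On Linux, each namespace a process belongs to is exposed as a symlink under /proc/PID/ns/ (for example pid, net, ipc, mnt, uts), and two processes are in the same namespace exactly when the link targets carry the same inode number. The following added example (not code from the page or from Docker) uses that fact to audit the isolation described above: it parses the link targets, compares a container process against PID 1 on the host, and reports which namespace types the container shares with the host, which is where the isolation listed above no longer applies. The readlink strings and inode numbers are constructed sample data; the read_ns helper is an assumption that only works on a Linux host with permission to read the target process's /proc entries.

```python
import os
import re

# Namespace types Docker creates for a container, as listed above.
NAMESPACE_TYPES = ("pid", "net", "ipc", "mnt", "uts")

# Target of /proc/<pid>/ns/<type> looks like "pid:[4026531836]".
NS_LINK_RE = re.compile(r"^(?P<type>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* symlink target into (type, inode)."""
    m = NS_LINK_RE.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group("type"), int(m.group("inode"))


def ns_map(link_targets):
    """Build {namespace_type: inode} from a list of readlink results."""
    return dict(parse_ns_link(t) for t in link_targets)


def shared_namespaces(proc_ns, host_ns):
    """Namespace types whose inode is identical for the process and the host.

    A shared inode means the process is NOT isolated in that namespace:
    e.g. a shared 'pid' inode means it sees every host process.
    """
    return sorted(t for t in NAMESPACE_TYPES
                  if t in proc_ns and proc_ns[t] == host_ns.get(t))


def audit(samples, host_key):
    """Compare every entry in samples against the host entry."""
    host = ns_map(samples[host_key])
    return {name: shared_namespaces(ns_map(links), host)
            for name, links in samples.items() if name != host_key}


def read_ns(pid):
    """Read live namespace inodes for a process (Linux only, best effort).

    Assumption: caller has permission to read /proc/<pid>/ns/*; types that
    cannot be read are simply omitted from the result.
    """
    result = {}
    for t in NAMESPACE_TYPES:
        try:
            result[t] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{t}"))[1]
        except OSError:
            pass
    return result


# Constructed sample: readlink output for PID 1 on the host, a normally
# isolated container, and a container started sharing the host's pid and
# net namespaces. Inode numbers are invented for illustration.
SAMPLE = {
    "host": ["pid:[4026531836]", "net:[4026531992]", "ipc:[4026531839]",
             "mnt:[4026531840]", "uts:[4026531838]"],
    "container-a": ["pid:[4026532401]", "net:[4026532404]", "ipc:[4026532399]",
                    "mnt:[4026532397]", "uts:[4026532400]"],
    "container-b": ["pid:[4026531836]", "net:[4026531992]", "ipc:[4026532450]",
                    "mnt:[4026532448]", "uts:[4026532451]"],
}


if __name__ == "__main__":
    for name, shared in audit(SAMPLE, "host").items():
        status = "fully isolated" if not shared else f"shares with host: {shared}"
        print(f"{name}: {status}")
    # Optional live check of this process against PID 1 (Linux, permitted only).
    live_host, live_self = read_ns(1), read_ns(os.getpid())
    if live_host and live_self:
        print("this process shares with PID 1:", shared_namespaces(live_self, live_host))
```

Run inside a container as root (or with the rights to read PID 1's /proc entries) and an empty list for the live check confirms that the container has its own copy of each of the five namespaces; any type listed is one where the container sees the host's resources directly.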