cgroups
Limits accounts and resource usage for a collection of processes.
Linux namespaces
Linux kernel feature that isolates resources of a collection of processes.
- every process is associated with a namespace
- it can only see resources in the namespace
- each process is assigned a symlink per namespace kind in
/proc/<pid>/ns/
- symlink handled by kernel
Namespace kinds
- mnt, mount namespaces control mount points
- pid, assigns each process a new PID
- net
- ipc, system V IPC identifiers, POSIX message queue filesystem
- uts, hostname, domainname
- user, uids and permissions