Introduction
The explanation is as follows. Namespaces are what made container technologies such as LXC and Docker possible.
The building blocks of multi-tenancy are Linux namespaces, the very technology that makes LXC, Docker, and other kinds of containers possible.
The explanation is as follows.
Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.
This can be thought of as creating a virtual environment. The namespaces are listed below. Each one serves a different purpose.
1. Network Namespace
2. PID (Process Id) Namespace
3. Mount Namespace
4. Unix Time-sharing System (UTS) Namespace
5. User Namespace
Network Namespace
The explanation is as follows.
The networking namespace allows us to run the program on any port without conflict with other processes running on the same computer.
The explanation is as follows.
Only allows access to certain network devices. It has its own firewall, route rules, and socket port numbers. As an outcome, it is not able to see all traffic or contact all endpoints.
PID (Process Id) Namespace
The explanation is as follows. Processes in different PID namespaces cannot see each other with the "ps aux" command. The PID namespace isolates processes.
... the PID namespace makes it so that a process can only see PIDs in its own namespace, and therefore cannot send kill signals to random processes on the host.
The explanation is as follows.
This type of namespace will isolate processes from each other. One process cannot see others, and also same process ID can exist in multiple namespaces. Such as — Process ID 1 can exist multiple times, but once in every namespace.
Mount Namespace
The explanation is as follows.
Mount namespace allows you to mount and unmount the filesystem without affecting the host filesystem.
The explanation is as follows.
Mount namespace: has an independent list of mount points seen by the processes in the corresponding namespace. This means that we can mount and unmount filesystems in a mount namespace without affecting the host filesystem.
User Namespace
The explanation is as follows.
A different set of user ids and group ids are used. Such as — A user (0) inside one namespace can be different from the user (0) inside another namespace.
To run bash inside a new PID (Process Id) namespace, we do the following:
sudo unshare --fork --pid --mount-proc bash
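One way to check the isolation described above, as an added example that is not part of the original post: the kernel exposes each process's namespace memberships as symlinks under /proc/<pid>/ns, and two processes share a namespace exactly when the link targets match. The names ns_diff and make_sample, the optional proc-root argument, and the inode numbers in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# ns_diff PID_A PID_B [PROC_ROOT]
# Prints the namespace types (mnt, net, pid, user, uts, ...) in which the two
# processes differ, one per line; prints nothing if they share all of them.
# PROC_ROOT defaults to /proc. Reading another user's /proc/<pid>/ns links
# on a live system requires root.
ns_diff() {
    a=$1; b=$2; root=${3:-/proc}
    for link in "$root/$a"/ns/*; do
        [ -L "$link" ] || continue            # skip if nothing matched
        kind=${link##*/}                      # e.g. "pid"
        ta=$(readlink "$link")                # e.g. "pid:[4026531836]"
        tb=$(readlink "$root/$b/ns/$kind" 2>/dev/null) || tb="unreadable"
        [ "$ta" = "$tb" ] || printf '%s\n' "$kind"
    done
}

# Constructed sample tree (not real data): PID 100 stands for a host process,
# PID 200 for a process that was given fresh pid and mnt namespaces.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/100/ns" "$d/200/ns"
    for k in mnt net pid user uts; do
        ln -s "$k:[4026531000]" "$d/100/ns/$k"
        case $k in
            pid|mnt) ln -s "$k:[4026532000]" "$d/200/ns/$k" ;;  # isolated
            *)       ln -s "$k:[4026531000]" "$d/200/ns/$k" ;;  # shared with host
        esac
    done
    printf '%s\n' "$d"
}

sample=$(make_sample)
ns_diff 100 200 "$sample"    # prints "mnt" and "pid", one per line
rm -rf "$sample"
```

Run as root on the host against PID 1 and the PID of the bash started by the unshare command above, the output includes pid and mnt, because --mount-proc also creates a new mount namespace.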