Containers unplugged: Linux namespaces - Michael Kerrisk
- Published: 18 Sep 2019
- Linux namespaces are a resource isolation technique. Each namespace type wraps some global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of that resource, when in fact there are multiple instances of the resource, with each instance private to a particular group of processes. Namespaces are key building blocks for a number of interesting technologies--most notably containers, but also a range of other interesting applications such as Flatpak and Firejail.
In this presentation we'll look at various Linux namespace types--including UTS, mount, network, and PID namespaces--in order to understand what resources they govern and what use cases they serve. Along the way, we should have time for a live demo or two, so as to make the "theory" more concrete.
Save the date for NDC TechTown 2020 (31st of August - 3rd of September)
Check out more of our talks at:
ndctechtown.com/
www.ndcconferences.com/
- Science
One of the very best talks on namespaces and Linux. Thanks a ton!
I need to consume this in multiple pieces. I love the depth.
❤ and 🙏 gratitude from Chennai.
Great talk, Really enjoyed watching.
Thanks Michael..
Thank you so much for this, I use what you taught me in this lecture every day
Great introduction to namespace.
Really enjoyed this tutorial. :)
Excellent, concise and precise. Thanks!
Wow! Very enlightening. Thank you!
Masterclass! Excellent explanation, I am right now going to part 2. Thanks!
For those who want to see the next session
ruclips.net/video/73nB9-HYbAI/видео.html
Thank you !!!
This talk just made me realize the gap in my Linux knowledge, because I didn’t understand sh*t😅 Nevertheless, it was a great talk!!! Will surely revisit some time later
Excellent talk.
Regarding the question at the very end: I think network namespaces provide isolation for Unix domain sockets too. If so, how can there be a Unix domain socket connection between two different network namespaces?
Network namespaces provide isolation of so-called abstract UNIX domain sockets. But normal UNIX domain sockets are not isolated by network namespaces, and thus it's possible to establish a UNIX domain socket connection between network namespaces.
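The distinction drawn in the reply above, as an added example that is not part of the talk or of the comments: a child process moves into a new network namespace and tries to reach an abstract and a pathname UNIX socket held by its parent. The socket names are constructed, and the script assumes Linux with permission to call unshare() (as root, or through an unprivileged user namespace); it returns None where that is refused.

```python
import ctypes, os, socket, tempfile

CLONE_NEWUSER, CLONE_NEWNET = 0x10000000, 0x40000000  # values from <linux/sched.h>
ABSTRACT = "\0netns-demo-%d" % os.getpid()  # constructed name; leading NUL = abstract

def can_connect(addr):
    """True if a UNIX stream connect() to addr succeeds from this process."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        try:
            c.connect(addr)
            return True
        except OSError:
            return False

def enter_new_netns():
    """Put the calling process in a fresh network namespace; False if not permitted."""
    libc = ctypes.CDLL(None, use_errno=True)
    # CLONE_NEWNET alone needs CAP_SYS_ADMIN; otherwise pair it with a user namespace.
    return any(libc.unshare(f) == 0 for f in (CLONE_NEWNET, CLONE_NEWUSER | CLONE_NEWNET))

def probe():
    """Reachability of both sockets from a new netns, or None if unshare() is refused."""
    with tempfile.TemporaryDirectory() as d, \
         socket.socket(socket.AF_UNIX) as a, socket.socket(socket.AF_UNIX) as p:
        path = os.path.join(d, "demo.sock")  # constructed pathname socket
        a.bind(ABSTRACT); a.listen(8)
        p.bind(path); p.listen(8)
        if not (can_connect(ABSTRACT) and can_connect(path)):
            return None  # baseline failed: both must work inside the listener's netns
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # child: same mount namespace, new network namespace
            try:
                if enter_new_netns():
                    os.write(w, b"%d%d" % (can_connect(ABSTRACT), can_connect(path)))
            finally:
                os._exit(0)
        os.close(w)
        data = os.read(r, 2)
        os.close(r)
        os.waitpid(pid, 0)
    if len(data) != 2:
        return None  # child could not create a network namespace
    return {"abstract": data[:1] == b"1", "pathname": data[1:] == b"1"}

if __name__ == "__main__":
    print(probe())
```

Where unshare() is permitted, the abstract connect fails and the pathname connect succeeds, because the pathname socket is found through the filesystem, which the child still shares with its parent.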
Any idea where to get the slide deck for this presentation?
Why did they write Docker in Go? All the C namespace APIs are clear and concise already.
Where is the 2nd part? Thanks.
I guess it is here ruclips.net/video/73nB9-HYbAI/видео.html
It might be better to demo not only the PID and UTS namespaces like mount namespace
What does the $$ do? @19:00
If I'm not mistaken it holds the PID of the current process (in this case it should be the PID of the shell it's being executed in)
@orustammanapov -- your shell's PROCESS ID -- echo $$ will show you what it actually is