Thursday, July 12, 2018

Name Spaces

With the advent of containers, it is very easy to isolate Linux processes into their own little environments. This lets us run a whole range of applications on a single Linux machine, where each container works independently. No two containers interfere with each other. But how does this happen? What happens under the hood?

Working with containers relies on many libraries and components of the Linux kernel. Some of these are available by default and some need to be installed.

We already discussed the chroot command, which is the basic idea behind namespaces. Just as chroot allows a process to see any directory as the root of the system (independently of the rest of the processes), Linux namespaces allow other aspects of the operating system, such as network, processes, memory, mount points, inter-process communication, etc., to be modified independently.

Namespaces in Use - When we are working on a single-user computer everything is fine, but on a multi-user computer where multiple services are running, it is very important to handle the security of the services. In many cases, when one service is attacked, it can lead to an attack on the whole system. Namespaces isolate the environment where the service is running.

Consider a site like TopCoder or HackerRank, which provides an environment for developers to write and test code. How is the system not affected if the code is malicious? These sites provide a secure environment with all the resources the code needs, such as memory, network, CPU, disk, etc. When a developer executes code, it runs in an environment that does not impact other environments running code. Each environment has its own area with its own resources (memory, CPU, disk, network, etc.) and does not interfere with other environments. This is what we call a namespace.

This is what containers use. They run in their own namespaces, where they have their own resources and do not interfere with other containers.

Unshare - unshare is a command available in Linux that runs a program with some namespaces unshared from its parent. Let's see how to use the unshare command:

[root@dev jail]# hostname 
dev.testing.com

[root@dev jail]# unshare -u /bin/sh 
sh-4.1# hostname my-new-hostname
sh-4.1# hostname
my-new-hostname
sh-4.1# exit
exit

[root@dev jail]# hostname
dev.testing.com

In the session above, the hostname is initially set to “dev.testing.com”. When we use the unshare command, we are actually creating a new namespace and entering it. Once we are in the separate environment, we change the hostname to “my-new-hostname”, and once we exit, the hostname is back to the original.
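One way to confirm what the session above did, as an added example that is not part of the original post: each process exposes its namespaces as symlinks under /proc/<pid>/ns, and two processes are in the same namespace when the link targets match. The function names and the optional PROC_ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# ns_compare PID_A PID_B [PROC_ROOT]
#   Prints one line per namespace type: "<type> shared|isolated|unknown".
#   PROC_ROOT defaults to /proc; it is a parameter only so the function can
#   also be run against a constructed directory tree.
ns_compare() {
    pid_a=$1
    pid_b=$2
    root=${3:-/proc}
    for ns in uts mnt pid net ipc user; do
        # Each entry is a symlink whose target looks like "uts:[4026531838]".
        # Matching targets mean both processes live in the same namespace.
        a=$(readlink "$root/$pid_a/ns/$ns" 2>/dev/null) || a=""
        b=$(readlink "$root/$pid_b/ns/$ns" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"    # link unreadable: no permission or no such pid
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns isolated"
        fi
    done
}

# ns_isolated_count PID_A PID_B [PROC_ROOT]
#   Prints how many namespace types differ between the two processes.
ns_isolated_count() {
    ns_compare "$@" | grep -c ' isolated$' || true
}

# Usage inside the shell started by "unshare -u /bin/sh":
#   ns_compare $$ $PPID
# Only the uts line reports "isolated"; mnt, pid, net, ipc and user stay
# "shared", because -u unshares the UTS (hostname) namespace and nothing else.
```

A service that is expected to run isolated but reports "shared" against PID 1 for a namespace type is still using the host's view of that resource.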

More to come. Happy learning :-)
