Download odp - LSA2 - 02 Namespaces

Transcript

Linux Namespaces

Why do we need that?

What namespaces do we have?

UTS namespace

User namespace

PID namespace

IPC namespace

Mount namespace

Network namespace

Kernel configuration?

General Setup -> Namespaces support -> *

CONFIG_NAMESPACES=yCONFIG_UTS_NS=yCONFIG_IPC_NS=yCONFIG_USER_NS=yCONFIG_PID_NS=yCONFIG_NET_NS=y

Software implementation

#include int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ... /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ ); clone() creates a new process...CLONE_NEWUTSCLONE_NEWIPCCLONE_NEWNETCLONE_NEWPIDCLONE_NEWNSCLONE_NEWUSER

Software implementation

#include int setns(int fd, int nstype); Given a file descriptor referring to a namespace, reassociate the calling thread with that namespace.

Supports:
CLONE_NEWIPC CLONE_NEWNET CLONE_NEWUTS

UTS namespace

The server is installed in Chicago.Timezone: North America -> US -> ChicagoApp requires timezone: Europe -> London

If the app can not handle the timezone change by its own... we have three choices:1. Create a chrooted environment with different default timezone2. Create a virtual machine and put the app there3. Create a new UTS namespace and start the app in it

User namespace

User authentication and mapping files:/etc/passwd

/etc/group

/etc/shadow

- What if we want to create a username called pesho, but such user already exists?
- What if we want to create user joan with UID 1005, but there is already user pesho with UID 1005?

IPC namespace

Unix/Linux IPCs- unix domain sockets- shared memory- semaphores- message queues/proc/PID/fd/ |- 3 -> socket:[3537]

IPC namespace

Unix/Linux IPCs- unix domain sockets- shared memory- semaphores- message queues

key shmid owner perms bytes nattch 0x0052e2c1 1139834880 postgres 600 37879808 4

Network namespace

- IP - IPv6- Routing- TCP- UDP- SCTP- DCCP- RDS

Having separate

loopback device for a processOr simply test the MySQL

server on the same IPCompletely different routing

for a process

Mount namespace

the most complex one...having only one / is a problem...

- at around 22000 mounts everything on your machine starts to lag... no matter how many cores or ram you have :(

- having a different /proc/mounts per process would be nice and very interesting to implement... :)

PID namespace

Migration of processes between machines (CRIU)It allows you to have a two or more processes running with the same PID.PID- is the PID on the host machineNSPID- is the PID that the process sees PIDNSPID 1421 5420ssh-agent 1730 5420xchat 1756 5420firefox


Recommended

Пространства имен Linux (linux namespaces)
Пространства имен Linux (linux namespaces) Software
Setting Up Namespaces
Setting Up Namespaces Documents
LSA2 - 01 Virtualization with KVM
LSA2 - 01 Virtualization with KVM Education
LSA2 - 02 chrooting
LSA2 - 02 chrooting Education
Namespaces in XML
Namespaces in XML Documents
Literal Notation for Arrays and Namespaces AdámBrudzewsky · for Arrays and Namespaces AdámBrudzewsky. 1 #dyalog17 Literal Notation for Arrays and Namespaces adam@dyalog.com Literal
Literal Notation for Arrays and Namespaces AdámBrudzewsky · for Arrays and Namespaces AdámBrudzewsky. 1 #dyalog17 Literal Notation for Arrays and Namespaces [email protected] Literal Documents
Namespaces in SPKI
Namespaces in SPKI Documents
Namespaces in Linux
Namespaces in Linux Technology
Namespaces for Kazimir
Namespaces for Kazimir Technology
Namespaces, InfoSet, XML Formats
Namespaces, InfoSet, XML Formats Documents
LSA2 - 02 Control Groups
LSA2 - 02 Control Groups Education
Zoned Namespaces - SNIA
Zoned Namespaces - SNIA Documents
WinJS Classes and Namespaces
WinJS Classes and Namespaces Documents
2. XML-Namespaces
2. XML-Namespaces Documents
Namespaces and Autoloading
Namespaces and Autoloading Software
Isbd namespaces
Isbd namespaces Documents
XML Namespaces
XML Namespaces Documents
Namespaces y C#
Namespaces y C# Education