Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 2: Process Management and Scheduling


❑ The view on the mounted filesystem is given in struct mnt_namespace.
❑ struct pid_namespace provides information about process identifiers.
❑ struct user_namespace is required to hold per-user information that allows for limiting
resource usage for individual users.
❑ struct net_ns contains all networking-related namespace parameters. There is, however, still
quite a lot of effort required to make this area fully aware of namespaces, as you will see in
Chapter 12.

I introduce the contents of the individual namespace containers when I discuss the respective subsystem.
In this chapter, we will be concerned with UTS and user namespaces. Since fork can be instructed to
open a new namespace when a new task is created, appropriate flags to control the behavior must be
provided. One flag is available for each individual namespace:


<sched.h>
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */
#define CLONE_NEWIPC 0x08000000 /* New ipcs */
#define CLONE_NEWUSER 0x10000000 /* New user namespace */
#define CLONE_NEWPID 0x20000000 /* New pid namespace */
#define CLONE_NEWNET 0x40000000 /* New network namespace */
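
Because each namespace has its own bit, a monitoring tool can tell from the flags word alone which namespaces a new task asked for. The following is an added example, not code from the book or the kernel: it decodes the flags argument of clone and unshare calls from auditd-style SYSCALL records. The sample records are constructed, and the x86_64 syscall numbers (clone = 56, unshare = 272) are an assumption about the monitored host.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flag values exactly as listed in the <sched.h> excerpt. */
static const struct { unsigned long bit; const char *name; } ns_flags[5] = {
    { 0x04000000UL, "CLONE_NEWUTS"  }, { 0x08000000UL, "CLONE_NEWIPC" },
    { 0x10000000UL, "CLONE_NEWUSER" }, { 0x20000000UL, "CLONE_NEWPID" },
    { 0x40000000UL, "CLONE_NEWNET"  },
};

/* Parse "key=<number>" from one audit record; returns 0 on success. */
static int field(const char *rec, const char *key, int base, unsigned long *out)
{
    size_t klen = strlen(key);
    char *end;
    for (const char *p = strstr(rec, key); p; p = strstr(p + 1, key))
        if ((p == rec || p[-1] == ' ') && p[klen] == '=') { /* whole key only */
            *out = strtoul(p + klen + 1, &end, base);
            return end == p + klen + 1 ? -1 : 0;
        }
    return -1;
}

/* Namespace flags requested by a clone/unshare record, else 0. Assumption:
 * x86_64 numbering (clone = 56, unshare = 272), a0 = flags word in hex. */
unsigned long ns_flags_requested(const char *rec)
{
    unsigned long nr, a0, mask = 0;
    if (field(rec, "syscall", 10, &nr) || (nr != 56 && nr != 272)) return 0;
    if (field(rec, "a0", 16, &a0)) return 0;
    for (size_t i = 0; i < 5; i++)
        mask |= a0 & ns_flags[i].bit;   /* ignore signal and thread bits */
    return mask;
}

int main(void)
{
    const char *recs[] = {  /* constructed auditd-style SYSCALL records */
        "type=SYSCALL arch=c000003e syscall=272 success=yes a0=14000000 comm=\"unshare\"",
        "type=SYSCALL arch=c000003e syscall=56 success=yes a0=1200011 comm=\"bash\"",
    };
    for (size_t r = 0; r < 2; r++) {
        unsigned long m = ns_flags_requested(recs[r]);
        for (size_t i = 0; i < 5; i++)
            if (m & ns_flags[i].bit)
                printf("record %zu requests %s\n", r, ns_flags[i].name);
    }
    return 0;
}
```

The second record is an ordinary fork-style clone and yields no namespace flags, so only the first is reported.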

Each task is associated with its own view of the namespaces:


<sched.h>
struct task_struct {
    ...
    /* namespaces */
    struct nsproxy *nsproxy;
    ...
};

Because a pointer is used, a collection of sub-namespaces can be shared among multiple processes. This
way, changes in a given namespace will be visible in all processes that belong to this namespace.


Notice that support for namespaces must be enabled at compile time on a per-namespace basis. Generic
support for namespaces is, however, always compiled in. This allows the kernel to avoid using different
code for systems with and without namespaces. By providing a default namespace that is associated with
every process unless specified differently, the namespace-aware code can always be used, but the results
will be identical to a situation in which all properties are global and not wrapped up in namespaces if no
active support for namespaces is compiled in.


The initial global namespace is defined by init_nsproxy, which keeps pointers to the initial objects of
the per-subsystem namespaces:


<kernel/nsproxy.c>
struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy);

<init_task.h>
#define INIT_NSPROXY(nsproxy) { \
.pid_ns = &init_pid_ns, \
.count = ATOMIC_INIT(1), \