Namespaces

The goal of this exercise is to have a first, hands-on experience with Linux namespaces. In specific, we will get a first idea around PID and NET namespaces.

For this purpose, we will use the unshare Linux utility which is a wrapper around the unshare system call. Using it, we will spawn a new program inside one or more new namespaces, which are specified as command line options.

PID namespace

Run bash into a new PID namespace

sudo unshare --fork --pid --mount-proc /bin/bash

Inspect processes from inside:

top

Inspect processes from outside (host console):

pgrep -xa top

What do you observe?

Inspect network interfaces from inside:

ip link

What do you observe?

Exit from process (and from namespace)

exit

NET namespace

Now, run bash inside a new PID and NET namespace.

sudo unshare --fork --pid --net --mount-proc /bin/bash

Inspect network interfaces from inside:

ip link

What do you observe?

Exit
```
exit
```

What happens under the hood?

Let's trace the system calls executed from the last case:

sudo strace unshare --fork --pid --net --mount-proc /bin/bash

What system calls do you observe near the end of the trace output?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

01-namespaces.md

01-namespaces.md

Namespaces

PID namespace

NET namespace

What happens under the hood?

Files

01-namespaces.md

Latest commit

History

01-namespaces.md

File metadata and controls

Namespaces

PID namespace

NET namespace

What happens under the hood?