Linux Security Technologies

Learn how Linux namespaces create isolated environments for containers and how Docker uses them to enhance security and efficiency.

We'll cover the following...

Kernel namespaces
Namespace security and limitations
Docker on Linux
Docker's usage of namespaces

Kernel namespaces

Kernel namespaces, usually shortened to namespaces, are the main technology for building containers. Let's quickly compare namespaces and containers with hypervisors and virtual machines (VM).

Namespaces virtualize operating system constructs such as process trees and filesystems, whereas hypervisors virtualize physical resources such as CPUs and disks. In the VM model, hypervisors create virtual machines by grouping virtual CPUs, virtual disks, and virtual network cards so that every VM looks, smells, and feels like a physical machine. In the container model, namespaces create virtual operating systems (containers) by grouping virtual process trees, virtual filesystems, and virtual network interfaces so that every container looks, smells, and feels exactly like a regular OS.

Namespace security and limitations

At a very high level, namespaces ...

About the Course

Multi-container Apps with Compose

Docker Swarm

Deploying Applications with Docker Stacks

Docker and WebAssembly

Docker Networking

Docker Overlay Networking

Volumes and Persistent Data

Docker Security

What Next

Appendix: Getting Docker and Compose

Linux Security Technologies

Kernel namespaces

Namespace security and limitations