Reputation: 946
Why is it possible to nest pid_namespaces?
I don't see the advantage of nesting pid_namespaces.
man 7 pid_namespaces states:
PID namespaces isolate the process ID number space, meaning that processes in different PID namespaces can have the same PID. PID namespaces allow containers to provide functionality such as suspending/resuming the set of processes in the container and migrating the container to a new host while the processes inside the container maintain the same PIDs.
If I nest the pid_namespaces, parent spaces shouldn't be able to access child spaces ordinary if they are filled with the same pids like in their own space. Furthermore it is not connected to any sort of advantage in terms of forming "containers".
So, why — as man 7 pid_namespaces states — is it possible to nest pid_namespaces?
Upvotes: 2
Views: 170
Answers (1)
Reputation: 224522
"Containers" in this context refer to technologies such as Docker, which allow you to have a lightweight "machine within a machine" without it being a full-fledged VM.
A container has a filesystem and a set of PIDs in its own namespace. This way, multiple containers can be running with their own set of PIDs in a way that won't conflict with each other. This allows for isolation between containers.
Upvotes: 2
Related Questions
- unshare command doesn't create new PID namespace
- Does getppid Refers to Parent OR Real Parent?
- what is the purpose of tasks member of 'struct pid' defined in Linux/include/linux/pid.h?
- Why do multiple windows of some applications share same pid?
- Why does ps show all processes in a new pid namespace?
- Meaning of struct pid_type in Linux kernel
- How can I determine which namespaces a PID is in from kernel space?
- What is the relation between `task_struct` and `pid_namespace`?
- Docker pid namespace and Host
- How do nested namespaces work?