Introduction to Linux Namespace and Cgroups (rpm)

Namespace concept

Linux Namespace is a kernel feature that can isolate a series of system resources, such as PIDs (process IDs), user IDs, the network and so on. At this point many people will think of the `chroot` command: just as `chroot` makes the current directory appear to be the root directory (so that it is isolated), Namespace isolates processes with respect to certain resources. These resources include the process tree, network interfaces, mount points, and so on.

For example, suppose a company sells its computing resources to the outside world. The company has a server with good performance, and each user buys a Tomcat instance on it to run their own applications. Some naughty customers may inadvertently get into someone else's Tomcat instance and modify or shut down some of its resources, which leads to mutual interference between customers. You might say that we can limit the permissions of different users so that each user can only access the Tomcat instance under their own name, but some operations may require system-level privileges, such as root. We cannot grant root privileges to every user, and it is impossible to give every user a new physical host to isolate them from each other, so this is where Linux Namespace comes in handy. With Namespace we can isolate at the UID level: a user whose UID is n can be given a virtual namespace in which that user has root privileges, while on the real physical machine the user is still the user with UID n. This solves the problem of isolation between users. Of course, this is just one simple function of Namespace.
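The kernel exposes this inside/outside UID relationship in `/proc/<pid>/uid_map`, one `inside outside count` range per line. The C code below is an added example, not part of the original post: it parses such a map and resolves a namespace UID to the UID on the real machine. The function names and the sample map (namespace root mapped to host UID 1000) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One line of /proc/<pid>/uid_map: "<inside> <outside> <count>". */
struct id_range { unsigned long inside, outside, count; };

/* Parse uid_map text into ranges. Returns the number of ranges,
 * or -1 on a malformed line or when more than max ranges are present. */
int parse_uid_map(const char *text, struct id_range *out, int max)
{
    int n = 0;
    while (*text) {
        const char *eol = strchr(text, '\n');
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        char line[128];
        if (len >= sizeof line) return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        if (len > 0) {
            if (n == max) return -1;
            if (sscanf(line, "%lu %lu %lu", &out[n].inside,
                       &out[n].outside, &out[n].count) != 3) return -1;
            n++;
        }
        text += len + (eol ? 1 : 0);
    }
    return n;
}

/* Translate a UID seen inside the namespace to the host UID.
 * Returns -1 when the UID has no mapping (it has no identity on the host). */
long host_uid(const struct id_range *r, int n, unsigned long inside_uid)
{
    for (int i = 0; i < n; i++)
        if (inside_uid >= r[i].inside && inside_uid - r[i].inside < r[i].count)
            return (long)(r[i].outside + (inside_uid - r[i].inside));
    return -1;
}

/* Constructed sample: namespace root (0) is host UID 1000;
 * namespace UIDs 1..65535 map onto host UIDs starting at 100000. */
static const char SAMPLE_MAP[] = "0 1000 1\n1 100000 65535\n";

int main(void)
{
    struct id_range r[8];
    int n = parse_uid_map(SAMPLE_MAP, r, 8);
    unsigned long probes[] = {0, 1, 33, 70000};
    for (int i = 0; i < 4; i++)
        printf("inside uid %lu -> host uid %ld\n",
               probes[i], host_uid(r, n, probes[i]));
    return n < 0;
}
```

When auditing a host, the outside column is the one that matters: a process that reports UID 0 inside its namespace acts on the real machine with whatever host UID that range maps to.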

In addition to the User Namespace, PIDs can also be virtualized. Namespaces create different views of the system: from the user's point of view, each namespace should look like a single Linux computer with its own init process (PID

Origin blog.csdn.net/wxb880114/article/details/104369010