LSA2 - 02 Namespaces
 

Linux System Administration 2 - 02 Namespaces

    LSA2 - 02 Namespaces Presentation Transcript

    • Linux Namespaces
    • Why do we need that?
    • What namespaces do we have?
        ● UTS namespace
        ● User namespace
        ● PID namespace
        ● IPC namespace
        ● Mount namespace
        ● Network namespace
    • Kernel configuration?
        General Setup -> Namespaces support -> *
        CONFIG_NAMESPACES=y
        CONFIG_UTS_NS=y
        CONFIG_IPC_NS=y
        CONFIG_USER_NS=y
        CONFIG_PID_NS=y
        CONFIG_NET_NS=y
    • Software implementation
        #include <sched.h>
        int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...
                  /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
        clone() creates a new process...
        CLONE_NEWUTS
        CLONE_NEWIPC
        CLONE_NEWNET
        CLONE_NEWPID
        CLONE_NEWNS
        CLONE_NEWUSER
    • Software implementation
        #include <sched.h>
        int setns(int fd, int nstype);
        Given a file descriptor referring to a namespace, reassociate the calling thread with that namespace.
        Supports:
        CLONE_NEWIPC
        CLONE_NEWNET
        CLONE_NEWUTS
    • UTS namespace
        The server is installed in Chicago. Timezone: North America -> US -> Chicago
        App requires timezone: Europe -> London
        If the app cannot handle the timezone change on its own... we have three choices:
        1. Create a chrooted environment with a different default timezone
        2. Create a virtual machine and put the app there
        3. Create a new UTS namespace and start the app in it
    • User namespace
        User authentication and mapping files:
        ● /etc/passwd
        ● /etc/group
        ● /etc/shadow
        - What if we want to create a username called pesho, but such a user already exists?
        - What if we want to create user joan with UID 1005, but there is already a user pesho with UID 1005?
    • IPC namespace
        Unix/Linux IPCs
        - unix domain sockets
        - shared memory
        - semaphores
        - message queues
        /proc/PID/fd/
        |- 3 -> socket:[3537]
    • IPC namespace
        Unix/Linux IPCs
        - unix domain sockets
        - shared memory
        - semaphores
        - message queues
        key         shmid       owner     perms  bytes     nattch
        0x0052e2c1  1139834880  postgres  600    37879808  4
    • Network namespace
        - IP
        - IPv6
        - Routing
        - TCP
        - UDP
        - SCTP
        - DCCP
        - RDS
        ● Having a separate loopback device for a process
        ● Or simply test the MySQL server on the same IP
        ● Completely different routing for a process
    • Mount namespace
        the most complex one...
        having only one / is a problem...
        - at around 22000 mounts everything on your machine starts to lag... no matter how many cores or RAM you have :(
        - having a different /proc/mounts per process would be nice and very interesting to implement... :)
    • PID namespace
        Migration of processes between machines (CRIU)
        It allows you to have two or more processes running with the same PID.
        PID - is the PID on the host machine
        NSPID - is the PID that the process sees
        PID   NSPID
        1421  5420   ssh-agent
        1730  5420   xchat
        1756  5420   firefox
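
    The setns() slide takes "a file descriptor referring to a namespace"; on Linux those descriptors come from the per-process links under /proc/PID/ns/, whose targets use the same name:[inode] form as the socket:[3537] entry on the IPC slide. The following is an added example, not part of the original slides, that compares those inode numbers to tell whether two processes share a namespace; the function names are hypothetical and it assumes a mounted procfs.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Parse a link target such as "uts:[4026531838]" into type and inode.
 * Returns 0 on success, -1 if the text is not exactly "name:[digits]". */
int parse_ns_link(const char *link, char *type, size_t cap, unsigned long *inode)
{
    const char *colon = strchr(link, ':');
    size_t n = colon ? (size_t)(colon - link) : 0;
    int used = 0;
    if (n == 0 || n >= cap || colon[1] != '[' || !isdigit((unsigned char)colon[2]))
        return -1;
    /* %n is stored only if the closing ']' matched; reject trailing bytes */
    if (sscanf(colon, ":[%lu]%n", inode, &used) != 1 || used == 0 || colon[used] != '\0')
        return -1;
    memcpy(type, link, n);
    type[n] = '\0';
    return 0;
}

/* Inode of /proc/<pid>/ns/<type>, or 0 if it cannot be read
 * (no procfs, process gone, or not permitted to inspect it). */
unsigned long ns_inode(pid_t pid, const char *type)
{
    char path[64], link[64], parsed[16];
    unsigned long inode;
    ssize_t len;
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", (long)pid, type);
    len = readlink(path, link, sizeof link - 1);
    if (len < 0)
        return 0;
    link[len] = '\0';
    return parse_ns_link(link, parsed, sizeof parsed, &inode) == 0 ? inode : 0;
}

/* 1 = both PIDs are in the same namespace, 0 = different, -1 = unknown. */
int same_namespace(pid_t a, pid_t b, const char *type)
{
    unsigned long ia = ns_inode(a, type), ib = ns_inode(b, type);
    return (ia == 0 || ib == 0) ? -1 : ia == ib;
}

int main(void)
{
    const char *t[] = { "uts", "ipc", "net", "pid", "mnt", "user" };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-4s self vs pid 1: %d\n", t[i], same_namespace(getpid(), 1, t[i]));
}
```

    Run without privileges, the comparison against PID 1 usually prints -1, because reading another user's /proc/PID/ns/ links requires permission to inspect that process.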