namespace in Linux

This article will namespace this knowledge point, carry on the simple summary, strives for the popular easy pass. In the process of data summary, refer to a lot of online blog material, at the end of the article to give relevant links.

namespace, the namespace, from the name, should be similar to the space containing many names, for example, three years of Xiao Ming and three years of the second class of Xiaoming, although their names are the same, but the class is not the same, then, in the full-year ranking above, even if there are two names like Xiaoming, They are also distinguished by their respective numbers. For schools, each class is the equivalent of a namespace, and the name of the space is the class number. Class number is used to describe the logic of the student group information, as to what students assigned to 1 classes, what students assigned to 2 classes, it is the school level to unify the dispatch. That's basically what it means, eh.

Namespaces in C + +

The concept of namespaces is not only used in kernel, but also in other languages. For example, in C + +, all the content contained in a standard C + + library, including constants, variables, structures, classes, and functions, is defined in the namespace Std. We can define a well-known namespace, or we can define nameless namespaces, and namespaces can be nested and defined,

   1:   the famous namespace:

   2:  

   3:         namespace namespace name {

   4:  

   5:                declaration sequence Optional

   6:  

   7:         }

   8:  

   9:   Nameless namespaces:

  Ten:  

One   :         namespace {

  :  

  :                declaration sequence Optional

  :  

  :         }

  :  

In C + +, if the using namespace STD is not used at the very front of the code, you must specify the namespace (Std::cout <<) for the input and output streams, or the compiler will not find their specific implementation. It can be said that the namespace is a subdivision of the global scope.

namespace in Linux

In the Linux system, there can be multi-user multi-process at the same time, then the coordinated management of their operation, through the process scheduling and schedule management can be solved, but the overall resources are limited, how to allocate limited resources (process number, communication resources, network resources, etc.) reasonable allocation to the individual users of the process? Linux proposes a namespace mechanism, which is a lightweight form of virtualization. Once again, many of the resources in Linux are globally managed, for example, all processes in the system are identified by PID, just like each student's number, which is certainly the only one that is identified throughout the school. User ID management, each user through the global UID to identify, each school principals have only one, its UID is 0, the right to the most, can be all the teachers and students in the school to initiate orders. It is understandable that every student can see the activities of other students, but they have no right to drive them out of the school. This centralized and unified management method is very suitable for large-scale crowd management.

With the rise of big data and virtualization, Linux provides a namespace mechanism to provide more granular management mechanism of resource allocation.

namespaces establish different views of the system, and for each namespace, from the user it should look like a separate Linux computer, with its own init process (PID 0), the PID of the other process is incremented sequentially, the A and B spaces have the PID 0 init process, The process of the child container is mapped to the parent container's process, and the parent container can know the running state of each sub-container, and the child container is isolated from the child container.

Linux has a chroot system call, which restricts the process to a portion of the file system and is a simple namespace mechanism.

In the task_struct struct, there is a struct nsproxy *nsproxy this member variable,

   1:  /*

   2:    * A structure to contain pointers to all per-process

   3:    * NAMESPACES-FS (Mount), UTS, Network, SYSVIPC, etc.

   4:    *

   5:   * ' count ' is the number of the tasks holding a reference.

   6:    * The count for each namespace and then, 'll be the number

   7:    * of nsproxies pointing to it, not the number of tasks.

   8:    *

   9:    * The Nsproxy is shared by tasks which share all namespaces.

  :    * As soon as a namespace is cloned or unshared, the

One   :    * nsproxy is copied.

*   /  

  :  struct nsproxy {

  :      atomic_t count;

  :      spinlock_t nslock;

  :      struct uts_namespace *uts_ns;

  :      struct ipc_namespace *ipc_ns;

  :      struct mnt_namespace *mnt_ns;

  :      struct pid_namespace *pid_ns;

  :  };

Uts_ns:uts is the abbreviation for UNIX timesharing system, which contains information such as memory name, version, underlying architecture, and so on.

Ipc_ns: Saves all information related to interprocess communication (IPC).

Mnt_ns: currently mounted file system

Pid_ns: Information about the process ID

On the advanced version, there are Net_ns network information, User_ns resource quota information, and so on.

The following is an example of the UTS namespace, which describes how to create a user space.

As can be seen from the above frame diagram, the so-called subspace, is the parent process fork a child process out, and then the child process and the parent process does not share some resources, then, it can be said that the child process in its own namespace.

To achieve this effect, the fork's behavior must be precisely controlled, and the kernel provides the following parameters to set:

The UTS namespace has no hierarchy, and all information is aggregated into the following structure:

, Kref is a reference counter that tracks how many instances of Uts_namespace are used in the kernel. It provides the following property information:

, from the name, you can learn that UTS contains the system name, version number, machine name and so on. Use Uname-a to view this information.

The system initial default value remains in the Init_uts_ns global variable in init/version.c, and the Init_task is configured when the system initializes the task.

The user can pass the Clone_newuts standard at fork, creating a new UTS namespace. By doing this, a copy of the previous uts_namespace is generated, and the nsproxy within the current process points to the copy and can then be modified. The parent-child process's modifications to the Nx_prosy do not affect each other.

Since the original parent namespace needs to master all the PID information for all the child namespaces, all, in the fork of the namespace at all levels of the hierarchy, the PID is distributed in a unified coordinated control, for Task_struct in the sub-namespaces of all levels, The same PID can be seen differently in different namespaces.

The same process can belong to more than one namespace, and multiple processes can use the same namespace,

Reference Links:

namespace in C + +

Shallow analysis of PID namespace

Brief analysis of PID namespcae continuous

Analysis of namespace mechanism of Linux kernel

Technorati Tags: namespace kernel

namespace in Linux