Linux Security Technologies

Explore how Linux kernel namespaces enable container isolation within Docker. Understand each namespace type and its role in securing containers, along with Docker’s use of supplementary technologies for enhanced protection.

We'll cover the following...

Kernel namespaces
Namespace security and limitations
Docker on Linux
Docker’s usage of namespaces

Kernel namespaces

Kernel namespaces, usually shortened to namespaces, are the main technology for building containers. Let’s quickly compare namespaces and containers with hypervisors and virtual machines (VM).

Namespaces virtualize operating system constructs such as process trees and filesystems, whereas hypervisors virtualize physical resources such as CPUs and disks. In the VM model, hypervisors create virtual machines by grouping virtual CPUs, virtual disks, and virtual network cards so that every VM looks, smells, and feels like a physical machine. In the container model, namespaces create virtual operating systems (containers) by grouping virtual process trees, virtual filesystems, and virtual network interfaces so that every container looks, smells, and feels exactly like a regular OS.

Namespace security and limitations

At a very high level, namespaces ...

1.About the Course

2.Multi-Container Apps with Compose

3.Docker Swarm

4.Deploying Applications with Docker Stacks

5.Docker and WebAssembly

6.Docker Networking

7.Docker Overlay Networking

8.Volumes and Persistent Data

9.Docker Security

10.What’s Next?

11.Appendix: Getting Docker and Compose

Linux Security Technologies

Kernel namespaces

Namespace security and limitations