namespaces(7) Miscellaneous Information Manual namespaces(7) namespaces - Linux , , . , , . -- . This page provides pointers to information on the various namespace types, describes the associated /proc files, and summarizes the APIs for working with namespaces. Namespace types The following table shows the namespace types available on Linux. The second column of the table shows the flag value that is used to specify the namespace type in various APIs. The third column identifies the manual page that provides details on the namespace type. The last column is a summary of the resources that are isolated by the namespace type. Flag Page Cgroup CLONE_NEWCGROUP cgroup_namespaces(7) cgroup IPC CLONE_NEWIPC ipc_namespaces(7) System V IPC, POSIX Network CLONE_NEWNET network_namespaces(7) , , Mount CLONE_NEWNS mount_namespaces(7) PID CLONE_NEWPID pid_namespaces(7) Time CLONE_NEWTIME time_namespaces(7) Boot and monotonic clocks User CLONE_NEWUSER user_namespaces(7) UTS CLONE_NEWUTS uts_namespaces(7) NIS /proc . API : clone(2) The clone(2) system call creates a new process. If the flags argument of the call specifies one or more of the CLONE_NEW* flags listed above, then new namespaces are created for each flag, and the child process is made a member of those namespaces. (This system call also implements a number of features unrelated to namespaces.) setns(2) setns(2) . , /proc/pid/ns, . unshare(2) The unshare(2) system call moves the calling process to a new namespace. If the flags argument of the call specifies one or more of the CLONE_NEW* flags listed above, then new namespaces are created for each flag, and the calling process is made a member of those namespaces. (This system call also implements a number of features unrelated to namespaces.) ioctl(2) ioctl(2). ioctl_ns(2). clone(2) unshare(2), , CAP_SYS_ADMIN, , , . : Linux 3.8 . The /proc/pid/ns/ directory /proc/pid/ns/ , , setns(). $ ls -l /proc/$$/ns | awk '{print $1, $9, $10, $11}' total 0 lrwxrwxrwx. cgroup -> cgroup:[4026531835] lrwxrwxrwx. ipc -> ipc:[4026531839] lrwxrwxrwx. mnt -> mnt:[4026531840] lrwxrwxrwx. net -> net:[4026531969] lrwxrwxrwx. pid -> pid:[4026531836] lrwxrwxrwx. pid_for_children -> pid:[4026531834] lrwxrwxrwx. time -> time:[4026531834] lrwxrwxrwx. time_for_children -> time:[4026531834] lrwxrwxrwx. user -> user:[4026531837] lrwxrwxrwx. uts -> uts:[4026531838] (bind mounting) ( mount(2)) pid , . ( , ) pid. , , . setns(2). Linux 3.7 . Linux 3.8 . , /proc/pid/ns/xxx ; stat.st_dev stat.st_ino, stat(2). : $ readlink /proc/$$/ns/uts uts:[4026531838] : /proc/pid/ns/cgroup ( Linux 4.6) cgroup . /proc/pid/ns/ipc ( Linux 3.0) IPC . /proc/pid/ns/mnt ( Linux 3.8) mount . /proc/pid/ns/net ( Linux 3.0) network . /proc/pid/ns/pid ( Linux 3.8) PID . (. ., PID ). /proc/pid/ns/pid_for_children ( Linux 4.12) PID , . unshare(2) setns(2) ( pid_namespaces(7)), /proc/pid/ns/pid. ( readlink(2) ). /proc/pid/ns/time ( Linux 5.6) This file is a handle for the time namespace of the process. /proc/pid/ns/time_for_children ( Linux 5.6) This file is a handle for the time namespace of child processes created by this process. This can change as a consequence of calls to unshare(2) and setns(2) (see time_namespaces(7)), so the file may differ from /proc/pid/ns/time. /proc/pid/ns/user ( Linux 3.8) user . /proc/pid/ns/uts ( Linux 3.0) UTS . (readlink(2)) ptrace PTRACE_MODE_READ_FSCREDS; ptrace(2). The /proc/sys/user directory /proc/sys/user ( Linux 4.9) , . : max_cgroup_namespaces cgroup, . max_ipc_namespaces ipc, . max_mnt_namespaces , . max_net_namespaces , . max_pid_namespaces PID, . max_time_namespaces ( Linux 5.7) The value in this file defines a per-user limit on the number of time namespaces that may be created in the user namespace. max_user_namespaces , . max_uts_namespaces uts, . : o . o , , , . o . , . o , UID 0. o , (, PID). o clone(2) unshare(2) ENOSPC. o , (/proc/sys/kernel/threads-max). MAXINT. o , . : o UID. o , UID , , UID . o , , . , , . , . : o /proc/pid/ns/*. o (. ., PID ) . o , . o PID , /proc/pid/ns/pid_for_children. o It is a time namespace, and there is a process that refers to the namespace via a /proc/pid/ns/time_for_children symbolic link. o IPC mqueue ( mq_overview(7)) . o PID proc(5) . clone(2) user_namespaces(7). . nsenter(1), readlink(1), unshare(1), clone(2), ioctl_ns(2), setns(2), unshare(2), proc(5), capabilities(7), cgroup_namespaces(7), cgroups(7), credentials(7), ipc_namespaces(7), network_namespaces(7), pid_namespaces(7), user_namespaces(7), uts_namespaces(7), lsns(8), switch_root(8) Alex Nik , Azamat Hackimov , Dmitry Bolkhovskikh , Yuri Kozlov ; GNU 3 , . . , , . Linux man-pages 6.06 31 2023 . namespaces(7)