You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The cgroup namespace is a new kernel feature available in 4.6+ that
allows a container to isolate its cgroup hierarchy. This is invaluable
for hiding information from /proc/self/cgroup. In the future, this
namespace may allow for subtree management by a container.
Signed-off-by: Aleksa Sarai <[email protected]>
Copy file name to clipboardexpand all lines: config-linux.md
+10-7
Original file line number
Diff line number
Diff line change
@@ -27,17 +27,17 @@ Namespaces are specified as an array of entries inside the `namespaces` root fie
27
27
The following parameters can be specified to setup namespaces:
28
28
29
29
***`type`***(string, required)* - namespace type. The following namespaces types are supported:
30
-
***`pid`** processes inside the container will only be able to see other processes inside the same container
31
-
***`network`** the container will have its own network stack
32
-
***`mount`** the container will have an isolated mount table
33
-
***`ipc`** processes inside the container will only be able to communicate to other processes inside the same container via system level IPC
34
-
***`uts`** the container will be able to have its own hostname and domain name
35
-
***`user`** the container will be able to remap user and group IDs from the host to local users and groups within the container
30
+
***`pid`** processes inside the container will only be able to see other processes inside the same container. Support for this was added in Linux 2.6.24.
31
+
***`network`** the container will have its own network stack. Support for this was added in Linux 2.6.24.
32
+
***`mount`** the container will have an isolated mount table. Support for this was added in Linux 2.4.19.
33
+
***`ipc`** processes inside the container will only be able to communicate to other processes inside the same container via system level IPC. Support for this was added in Linux 2.6.19.
34
+
***`uts`** the container will be able to have its own hostname and domain name. Support for this was added in Linux 2.6.19.
35
+
***`user`** the container will be able to remap user and group IDs from the host to local users and groups within the container. Support for this was added in Linux 3.8.
36
+
***`cgroup`** the container will have an isolated view of the cgroup hierarchy. Support for this was added in Linux 4.6.
36
37
37
38
***`path`***(string, optional)* - path to namespace file in the [runtime mount namespace](glossary.md#runtime-namespace)
38
39
39
40
If a path is specified, that particular file is used to join that type of namespace.
40
-
Also, when a path is specified, a runtime MUST assume that the setup for that particular namespace has already been done and error out if the config specifies anything else related to that namespace.
41
41
42
42
###### Example
43
43
@@ -62,6 +62,9 @@ Also, when a path is specified, a runtime MUST assume that the setup for that pa
0 commit comments