A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
There are 7 namespaces in Linux:
- Cgroup: cgroup = control group. Resource limiting, prioritization, accounting and control.
- IPC: Inter-process Communication
- Network: Network devices, ports, etc.
- Mount: Mount points (of file systems)
- PID: Process IDs
- User: User and group IDs
- UTS: UNIX Timesharing System, named after the data structure used to store info returned by the uname system call. Isolates hostname and NIS domain name.
- cgroup ≡ control group
- System for resource management on Linux
- Directory hierarchy at
- Limit, throttle, and account for resource usage per control group
- Each resource interface is provided by a controller
- Used to constrain resources that are allocated to processes.
When systemd is chosen as the init system for a Linux distribution, the init process generates and consumes a root control group (cgroup) and acts as a
systemd has a tight integration with cgroups and allocates a
cgroupv1 has one hierarchy per resource (resource = cpu, devices, memory, pids, etc.):
- Separate hierarchy/cgroups for each resource
- cgroups can be nested inside each other
- Limits and accounting are performed per-cgroup
- One PID is in exactly one cgroup per resource
/sys/fs/cgroup => resource => cgroup => pid
cgroupv2 has a unified hierarchy. Each cgroup can support multiple resource domains.
- cgroups are "global": not limited to one resource
- Resources are now opt-in for cgroups
- Granularity at TGID (PID), not TID level
- Focus on simplicity/clarity over ultimate flexibility
/sys/fs/cgroup => cgroup => (cgroup) => pid => (resource)
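As an added example (not part of the original page), the Python code below parses the text of /proc/<pid>/cgroup and maps each entry onto the two layouts above. The sample lines are constructed, and the /sys/fs/cgroup/<resource> directory names used for v1 are an assumption taken from the layout shown, not read from a real system.

```python
from pathlib import PurePosixPath

CGROUP_ROOT = PurePosixPath("/sys/fs/cgroup")  # assumed mount point, as in the layouts above

# Constructed samples of /proc/<pid>/cgroup; each line is hierarchy-ID:controllers:path.
SAMPLE_V1 = (
    "5:memory:/docker/abc123\n"
    "4:cpu,cpuacct:/docker/abc123\n"
    "3:pids:/system.slice/demo.service\n"
    "1:name=systemd:/system.slice/demo.service\n"
)
SAMPLE_V2 = "0::/system.slice/demo.service\n"


def parse_proc_cgroup(text):
    """Return (hierarchy_id, [controllers], cgroup_path) for every line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # A cgroup path may itself contain ':', so split at most twice.
        hid, controllers, path = line.split(":", 2)
        entries.append((int(hid), [c for c in controllers.split(",") if c], path))
    return entries


def detect_mode(entries):
    """'v2': only the unified 0:: entry; 'v1': only per-resource entries; else 'hybrid'."""
    has_v2 = any(hid == 0 and not ctrls for hid, ctrls, _ in entries)
    has_v1 = any(hid != 0 for hid, _, _ in entries)
    if has_v1 and has_v2:
        return "hybrid"
    return "v2" if has_v2 else "v1"


def cgroup_dirs(entries):
    """Map each resource (v1) or 'unified' (v2) to the process's cgroup directory."""
    if detect_mode(entries) == "hybrid":
        raise ValueError("hybrid mount points vary by distribution; not mapped here")
    dirs = {}
    for hid, ctrls, path in entries:
        rel = path.lstrip("/")
        if hid == 0 and not ctrls:
            dirs["unified"] = str(CGROUP_ROOT / rel)      # root => cgroup
            continue
        for ctrl in ctrls:
            if ctrl.startswith("name="):
                continue                                  # named hierarchy, no resource
            if ctrl in dirs:
                raise ValueError(f"{ctrl} listed twice")  # v1: one cgroup per resource
            dirs[ctrl] = str(CGROUP_ROOT / ctrl / rel)    # root => resource => cgroup
    return dirs
```

On a live host, pass the contents of /proc/self/cgroup (or another PID's file) to parse_proc_cgroup instead of the samples.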
To check which cgroup version your distribution uses:
stat -fc %T /sys/fs/cgroup/
- For cgroup v2, the output is
- For cgroup v1, the output is
To check the layout: