Skip to main content

Docker is being widely adopted as an open platform for developers and sysadmins to build, ship, and run distributed applications, whether on laptops, data center VMs, or the cloud. It serves the purposes for a developer to large scale companies.


Namespaces are the important building block of Containers which isolates the applications from each other within single or multiple container' scope. When multiple processes / services are being run on multiple containers (on a single host system) then such isolation is a necessity from security and stability standpoints. A very essential command "docker run" itself creates the set of namespaces and controls the containers.

There are different types of namespaces available to sever the various purposes.

1. IPC Namespace

  • IPC stands for Inter Process Communication, is enabled on all the containers by default.
  • It provides shared memory, semaphores and message queues without any risk of conflicting among multiple containers.
  • Processes running in one IPC namespace cannot access the resources from another namespace.
  • IPC namespace is used for the containers hosting databases and high performing applications wherein share memory segment utilization is important.

2. MNT Namespace

  • Docker hosts are loaded with minimum number of operating system packages without Gluster file system.
  • Through MNT namespace, a container can have its own set of mounted file systems and root directories.
  • Processes running in one MNT namespace cannot see the mounted file system of another MNT namespace.
  • Through MNT namespace each isolated process can have its own root with a completely different view of the file structure.
  • Such mounted files systems can be private (explicitly available only for certain container) or shared.

3. NET Namespace

  • Different network interfaces can be managed over the containers (and hosts) using NET namespaces.
  • Let's consider - we have an Apache server running with different instances on multiple containers. Every instance of Apache server needs to access the port 80 on each of the containers - this is what NET namespace avails through managing the network interfaces.
  • These special network interfaces can be created on containers as well as host system so they can communicate with each other seamlessly. 

4. PID Namespace

  • With PID namespace, processes from each containers can have its own identifiers, sequences and process hierarchy.
  • In such hierarchy processes from parent namespaces can see and affect processes from child namespaces but processes from child namespaces cannot do so.

5. USER Namespace

  • USER names allows the mapping of users and groups based on the namespaces.
  • In such scenarios users from host system can have a different user id in the containers.

6. UTS Namespace

  • UTS stands for UNIX Time-sharing System Sharing and isolates system identifiers "Nodename" and "Hostname".
  • UTS namespace allows to have different host-names for each containers within the Docker.
3 minutes