{"version":"1.0","provider_name":"UDS Enterprise","provider_url":"https:\/\/udsenterprise.com\/en\/","author_name":"UDS Enterprise Team","author_url":"https:\/\/udsenterprise.com\/en\/author\/uds-enterprise-team\/","title":"Isolating systems with Linux Namespaces","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"X9P91QFG9X\"><a href=\"https:\/\/udsenterprise.com\/en\/isolating-systems-linux-namespaces\/\">Isolating systems with Linux Namespaces<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/udsenterprise.com\/en\/isolating-systems-linux-namespaces\/embed\/#?secret=X9P91QFG9X\" width=\"600\" height=\"338\" title=\"&#8220;Isolating systems with Linux Namespaces&#8221; &#8212; UDS Enterprise\" data-secret=\"X9P91QFG9X\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/udsenterprise.com\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/udsenterprise.com\/wp-content\/uploads\/2022\/11\/img-linea-blanca.gif","thumbnail_width":67,"thumbnail_height":4,"description":"If you\u2019ve used tools like Docker, you already know that these tools are capable of isolating processes in small \u201ccontainers\u201d. Running processes in Docker containers is like running them in virtual machines, only these containers are significantly lighter than virtual machines. With the introduction of Linux namespaces, it became possible to have multiple \u201cnested\u201d process trees. Each process tree can have an entirely isolated set of processes. This can ensure that processes belonging to one process tree cannot inspect or kill - in fact cannot even know of the existence of - processes in other sibling or parent process trees. Every time a computer with Linux boots up, it starts with just one process, with process identifier (PID) 1. This process is the root of the process tree, and it initiates the rest of the system by performing the appropriate maintenance work and starting the correct daemons\/services."}