Namespaces in Linux allow isolating various processes in separate environments, and these are handy for creating light virtual machines such as Linux Containers, or LXC.
Here are basic steps on how to create a new namespace in LXC:
1. `unshare` command: UNIX systems provide the `unshare` command, which allows you to run a process in a new namespace. Below is a simple example of how to start a shell in a new namespace:

   ```
   sudo unshare --fork --pid --mount-proc /bin/sh
   ```

   This will start a new shell, isolated in a new user, PID, and mount namespace.

2. Verify the namespace: Now, we need to verify that the new shell is indeed running in a different namespace. To do this, we can check the PID (process ID) of the shell inside and outside of the namespace.

   Inside the namespace, run:

   ```
   echo $$
   ```

   Outside of the namespace, in another shell, run:

   ```
   pgrep -fl /bin/sh
   ```

   You will notice that the PID of the command inside the namespace is 1, as it’s the first command running in this new namespace. However, outside of the namespace, it would apparently be running with another PID.

3. Configure the namespace: The new namespace is completely isolated and independent, so it has no network access or filesystem. We need to configure a root filesystem and networking using `mount` and network tools like `ip`.
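The PID check in step 2 only tells you about the PID namespace. The following added example (not part of the original page) compares the `/proc/<pid>/ns/*` link targets of two processes and reports, per namespace type, whether they are shared or isolated. The function names and the `PROC_ROOT` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the namespace identifiers of two processes.
# Each /proc/<pid>/ns/<type> is a symlink whose target looks like
# "pid:[4026531836]"; two processes share a namespace exactly when the
# targets match. PROC_ROOT is an assumption of this example so the
# functions can also be pointed at a constructed directory tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# ns_id PID TYPE -> prints the link target; fails if it cannot be read
ns_id() {
    readlink "$PROC_ROOT/$1/ns/$2"
}

# ns_report PID_A PID_B -> one line per namespace type:
#   "<type> shared|isolated|unknown"
ns_report() {
    for t in cgroup ipc mnt net pid user uts; do
        a=$(ns_id "$1" "$t" 2>/dev/null) || a=
        b=$(ns_id "$2" "$t" 2>/dev/null) || b=
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$t unknown"    # link missing, or no permission to read it
        elif [ "$a" = "$b" ]; then
            echo "$t shared"
        else
            echo "$t isolated"
        fi
    done
}

# ns_isolated PID_A PID_B -> space-separated list of the isolated types
ns_isolated() {
    ns_report "$1" "$2" |
        awk '$2 == "isolated" { printf "%s%s", sep, $1; sep = " " }'
}

# When saved as a script and given two PIDs, print the full report.
if [ "$#" -eq 2 ]; then
    ns_report "$1" "$2"
fi
```

Run it as root from the outside shell, passing your own shell's PID and the PID that `pgrep` reported for the unshared `/bin/sh`. Any type listed as `shared` is still common to the host and the new shell.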
Note: The Linux `unshare` command provides flags to set up new namespaces e.g. network namespace (`unshare -n`), IPC namespace (`unshare -i`), etc. Check the man page `man unshare` for more details.
Again, the `unshare` command is a basic and manual way to set up namespaces. For handling namespaces in a more systematic and scalable way, you should use LXC, Docker, or other containerization tools. They provide utilities and APIs that manage the lifecycle of containers including creation, deletion, stop/start, etc.