6,534
edits
Changes
added image of CTs
A namespace is a feature to limit the scope of something. Here, namespaces are used as containers building blocks. A simple case of a namespace is chroot.
[[Image:Chroot.png|right|200px]]
=== Chroot ===
Traditional UNIX <code>chroot()</code> system call is used to change the root of the file system of a calling process to a particular directory. That way it limits the scope of file system for the process, so it can only see and access a limited sub tree of files and directories.
Note that memory and CPU need not be namespaced. Existing virtual memory and multitask mechanisms are already taking care of it.
[[Image:CTs.svg|400px|right]]
=== Single kernel approach ===
to not trash the other containers.
==== Disk I/O bandwidth ====
I/O bandwidth (in bytes per second) can be limited per-container (currently only available in commercial Parallels Virtuozzo Containers).
All the containers share the same physical memory and swap space, and other similar resources like a page cache.
FIXME
=== Miscellaneous resources ===
* number of iptables rules
* number of sockets
* etc.
=== Read more ===
== Checkpointing and live migration ==
== Miscellaneous topics ==
