Linux Linux Namespaces: Isolating Processes

[dEEpEst]

Linux Namespaces: Isolating Processes

Welcome to the world of digital security, Hack Tools Dark Community!

Today, let's explore how Linux creates isolated "sandboxes" for processes using namespaces.

• ⏺ PID Namespace - Your Own Process Tree:
  Isolate processes so they only see each other without accessing host processes.
  
  

  sudo unshare --pid --fork --mount-proc /bin/bash

  
  Inside the new shell, use:
  

  ps aux

  
  As a result, you will only see the processes launched within this namespace.
• ⏺ NET Namespace - Separate Network for Each Container:
  Create a separate network stack with unique interfaces and IP addresses.
  
  

  sudo ip netns add mynetns
  sudo ip netns exec mynetns bash
  ip link show

  
  Inside the namespace, only the local interface will be available initially, offering complete network isolation.
• ⏺ MNT Namespace - Isolate File Systems:
  Provide each process with its own mount points. This allows working with different filesystems without affecting the host.
  
  

  sudo unshare --mount /bin/bash
  mount -t tmpfs tmpfs /mnt
  mount | grep /mnt

  
  The newly created mount point will be visible only inside the namespace, hidden from the host system.

---

Disclaimer:
This post is for educational purposes only. Use the information responsibly and only in environments where you have permission to perform such actions.

Join the discussion below! Share your experiences with namespaces or ask questions!