Resource isolation in the Linux kernel is done via namespaces, which have been merged into the mainline kernel incrementally since 2.6.19.
As of kernel 2.6.26 the major namespaces have been merged as detailed below.
| Resource | Status | Article | -mm version | mainline version |
|---|---|---|---|---|
| Shared Subtrees | Done | lwn | – | 2.6.15 |
| UTSNAME | Done | lwn | – | 2.6.19 |
| PID | Done | lwn | – | 2.6.24 |
| IPC | Done | lwn | – | 2.6.19 |
| USER | Done | lwn | – | 2.6.23 |
| NETWORK | Done | lwn | – | 2.6.26 |
| /proc | Done | none | – | 2.6.26 |
| ro bind mount | Done | lwn | – | 2.6.24 |
The details given at the URLs in the Resource column are still valid but somewhat obsolete in some cases (network), especially now that the lxc user-space tool is available in many distros.
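Each namespace a process belongs to has an identity the kernel exposes as the target of a symlink under `/proc/<pid>/ns/` (for example `net:[4026531840]`); two processes are in the same namespace exactly when the numbers match. The following is an added example, not code from this page or from lxc, that uses those links to audit whether a container really has its own UTS, IPC, PID, network and mount namespaces rather than sharing some of them with the host. It assumes the `/proc/<pid>/ns/` interface, which was added in kernel 3.0 and so postdates the versions in the table above; the sample link targets in it are constructed, and `read_namespaces` only works on a live Linux system.

```python
import os
import re
from typing import Dict, Tuple

# Namespace kinds worth comparing when checking that a container is
# isolated from the host; the names are the link names the kernel
# exposes under /proc/<pid>/ns/ (assumed here, present since Linux 3.8).
NS_TYPES = ("uts", "ipc", "pid", "net", "mnt", "user")

_NS_LINK = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> Tuple[str, int]:
    """Parse a /proc/<pid>/ns/* link target such as 'net:[4026531840]'.

    The inode number is the kernel's identity for the namespace: two
    processes share a namespace exactly when the numbers are equal.
    """
    m = _NS_LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link target: {target!r}")
    return m.group("kind"), int(m.group("inode"))


def read_namespaces(pid: int) -> Dict[str, int]:
    """Read the namespace identities of a live process from /proc (Linux only)."""
    result: Dict[str, int] = {}
    for kind in NS_TYPES:
        try:
            _, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except FileNotFoundError:
            continue  # kernel does not expose this namespace kind
        result[kind] = inode
    return result


def shared_namespaces(a: Dict[str, int], b: Dict[str, int]) -> Dict[str, bool]:
    """For each namespace kind present in both maps, True if a and b share it."""
    return {kind: a[kind] == b[kind] for kind in a if kind in b}


def isolation_gaps(container: Dict[str, int], host: Dict[str, int],
                   expected=("uts", "ipc", "pid", "net", "mnt")) -> list:
    """Namespace kinds the container should own but shares with the host.

    A kind that is missing from either map counts as a gap: if the kernel
    does not expose it, the container cannot have been isolated in it.
    """
    shared = shared_namespaces(container, host)
    return [kind for kind in expected if shared.get(kind, True)]


# Constructed sample link targets (not taken from a real system) modelling
# a container that got UTS, IPC, PID and mount namespaces of its own but
# was started inside the host's network namespace.
HOST_LINKS = {
    "uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]", "pid": "pid:[4026531836]",
    "net": "net:[4026531840]", "mnt": "mnt:[4026531841]", "user": "user:[4026531837]",
}
CONTAINER_LINKS = {
    "uts": "uts:[4026532201]", "ipc": "ipc:[4026532202]", "pid": "pid:[4026532203]",
    "net": "net:[4026531840]", "mnt": "mnt:[4026532204]", "user": "user:[4026531837]",
}


def namespaces_from_links(links: Dict[str, str]) -> Dict[str, int]:
    """Turn a map of link targets (as readlink would return them) into identities."""
    return dict(parse_ns_link(target) for target in links.values())


if __name__ == "__main__":
    host = namespaces_from_links(HOST_LINKS)
    cont = namespaces_from_links(CONTAINER_LINKS)
    print("namespaces shared with the host:", isolation_gaps(cont, host))
    # On a live Linux host, compare a container's init process against PID 1:
    # print(isolation_gaps(read_namespaces(container_pid), read_namespaces(1)))
```

Run against the constructed sample it reports `['net']`, the one namespace the container shares with the host; on a real system pass the container's init PID and `1` to `read_namespaces` instead. Note that this check only tells you which namespaces are separate, not what the kernel actually virtualizes inside them, so a shared `/proc/sys` setting would still have to be verified separately.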
/proc seems to be not fully virtualized and it's very problematic:
changing /proc/sys/net/ipv4/ip_local_port_range in one vm changes the value
for every vm and for the host!
Same for /proc/sys/net/ipv4/igmp_max_memberships
oops…
It shouldn't; it is a regression in the kernel. What is the kernel version?