Both LXC and Docker apply a default namespace configuration when none is supplied explicitly. This post describes the internals of namespaces in the Linux kernel and considers practical use-cases for namespaces in containerization.
In security-relevant software, randomness is often needed to generate keys, or tokens for resetting passwords or identifying sessions. In these cases the randomness must be unpredictable to an attacker. However, developers sometimes do not use a cryptographically secure pseudorandom number generator (CSPRNG) for this purpose. Instead they use faster, general-purpose pseudorandom number generators (PRNGs). This raises the question of how hard it actually is to attack a common, non-cryptographic random number generator, i.e. to recover its internal state from observed outputs and predict the values it will produce next.
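As an added example (not code from the original post), the following C program carries out the classic attack on one such general-purpose generator, the 48-bit linear congruential generator behind java.util.Random. Each nextInt() call reveals the upper 32 bits of the 48-bit state, so only 16 bits stay hidden: two consecutive outputs are enough to brute-force the full state and predict every subsequent value. The seed used in main() is a constructed "secret" for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* java.util.Random: 48-bit LCG; nextInt() returns the top 32 bits of the new state. */
#define LCG_MULT 0x5DEECE66DULL
#define LCG_ADD  0xBULL
#define LCG_MASK ((1ULL << 48) - 1)

/* One LCG step: state' = (state * a + c) mod 2^48. */
uint64_t lcg_step(uint64_t state) {
    return (state * LCG_MULT + LCG_ADD) & LCG_MASK;
}

/* Initial state scrambling performed by the Random(long seed) constructor. */
uint64_t lcg_seed(uint64_t seed) {
    return (seed ^ LCG_MULT) & LCG_MASK;
}

/* Equivalent of Random.nextInt(): advance the state, expose its upper 32 bits. */
int32_t lcg_next_int(uint64_t *state) {
    *state = lcg_step(*state);
    return (int32_t)(*state >> 16);
}

/* Given two consecutive nextInt() outputs, recover the full 48-bit state
 * after the second call. out1 fixes the top 32 bits of the state that
 * produced it; the 16 hidden low bits are brute-forced (65536 candidates)
 * and confirmed against out2. Returns 1 on success, 0 if nothing matched. */
int recover_state(int32_t out1, int32_t out2, uint64_t *state_out) {
    uint64_t hi = (uint64_t)(uint32_t)out1 << 16;
    for (uint64_t low = 0; low < (1ULL << 16); low++) {
        uint64_t next = lcg_step(hi | low);
        if ((int32_t)(next >> 16) == out2) {
            *state_out = next;
            return 1;
        }
    }
    return 0;
}

/* Predict the output that follows out1, out2. Returns 1 on success. */
int predict_next(int32_t out1, int32_t out2, int32_t *prediction) {
    uint64_t s;
    if (!recover_state(out1, out2, &s)) return 0;
    *prediction = lcg_next_int(&s);
    return 1;
}

int main(void) {
    uint64_t victim = lcg_seed(0x1234ABCDULL);   /* constructed secret seed */
    int32_t t1 = lcg_next_int(&victim);           /* "tokens" the attacker observes */
    int32_t t2 = lcg_next_int(&victim);
    int32_t t3 = lcg_next_int(&victim);           /* the token the attacker wants */
    int32_t guess;
    if (predict_next(t1, t2, &guess))
        printf("observed %d, %d -> predicted %d (actual %d)\n", t1, t2, guess, t3);
    else
        printf("no state matched the observed outputs\n");
    return 0;
}
```

A spurious candidate among the 65535 wrong low-bit values is possible but extremely unlikely (about 2^-16 per output pair); in practice a third observed output is used to confirm the recovered state. The same approach applies to any generator whose output leaks most of a small state, which is exactly why tokens must come from a CSPRNG.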
After discussing the PID and network namespaces in Docker, this part of our container series covers one of the most important namespace types in detail: the user namespace. This namespace type introduces the mapping of user and group IDs between namespaces and isolates capabilities per namespace. For instance, a process can have a non-zero UID outside a user namespace while having UID 0, together with a full capability set, inside it.
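The following added example (not code from the original series) ties the two namespace posts above together in C. It shows a process entering a fresh user namespace with unshare(CLONE_NEWUSER), writing the uid_map/gid_map that makes it UID 0 inside while it stays an unprivileged user outside, and the namespace identity reported by /proc/self/ns/user changing in the process. The parse_id_map/map_inside_to_outside helpers reimplement the kernel's map-lookup rule for illustration; the sysctl name mentioned in the comment and the exact inode numbers are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER   /* fallback if _GNU_SOURCE was not in effect when <sched.h> was read */
#define CLONE_NEWUSER 0x10000000
int unshare(int flags);
#endif

/* One entry of /proc/<pid>/uid_map or gid_map: "inside outside length". */
struct id_map { long inside; long outside; long length; };

/* Parse the text of a uid_map/gid_map file. Returns the number of entries,
 * or -1 on malformed input. The kernel pads the columns with spaces. */
int parse_id_map(const char *text, struct id_map *out, size_t max) {
    size_t n = 0;
    const char *p = text;
    while (*p != '\0' && n < max) {
        char *end;
        long v[3];
        for (int i = 0; i < 3; i++) {
            v[i] = strtol(p, &end, 10);
            if (end == p) return -1;          /* not a number: malformed line */
            p = end;
        }
        out[n++] = (struct id_map){ v[0], v[1], v[2] };
        while (*p == '\n' || *p == ' ' || *p == '\t') p++;
    }
    return (int)n;
}

/* Translate an ID seen inside the namespace to the ID the parent namespace
 * sees, following the kernel's rule: an entry covers [inside, inside+length).
 * Returns -1 when no entry covers the ID; the kernel then reports the
 * overflow ID (65534, "nobody") for such an unmapped ID. */
long map_inside_to_outside(const struct id_map *m, size_t n, long inside) {
    for (size_t i = 0; i < n; i++)
        if (inside >= m[i].inside && inside < m[i].inside + m[i].length)
            return m[i].outside + (inside - m[i].inside);
    return -1;
}

static int write_string(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t w = write(fd, s, strlen(s));
    close(fd);
    return (w == (ssize_t)strlen(s)) ? 0 : -1;
}

/* /proc/self/ns/user is a symlink whose target names the namespace by inode. */
static void print_ns_id(const char *label) {
    char link[64];
    ssize_t n = readlink("/proc/self/ns/user", link, sizeof link - 1);
    if (n < 0) { perror("readlink"); return; }
    link[n] = '\0';
    printf("%s: %s\n", label, link);          /* e.g. user:[4026531837] */
}

int main(void) {
    uid_t outer_uid = geteuid();
    gid_t outer_gid = getegid();
    char line[64];

    print_ns_id("user namespace before unshare");
    /* Needs unprivileged user namespaces enabled (on some distributions the
     * sysctl kernel.unprivileged_userns_clone); otherwise unshare fails with EPERM. */
    if (unshare(CLONE_NEWUSER) != 0) { perror("unshare(CLONE_NEWUSER)"); return 1; }
    print_ns_id("user namespace after unshare");

    /* Map inside UID 0 to our real UID outside. Until a map is written,
     * geteuid() inside reports the overflow ID 65534. */
    snprintf(line, sizeof line, "0 %u 1\n", (unsigned)outer_uid);
    if (write_string("/proc/self/uid_map", line) != 0) { perror("uid_map"); return 1; }
    /* An unprivileged creator must deny setgroups() before it may write gid_map. */
    if (write_string("/proc/self/setgroups", "deny") != 0) { perror("setgroups"); return 1; }
    snprintf(line, sizeof line, "0 %u 1\n", (unsigned)outer_gid);
    if (write_string("/proc/self/gid_map", line) != 0) { perror("gid_map"); return 1; }

    printf("outside uid %u -> inside euid %u\n", (unsigned)outer_uid, (unsigned)geteuid());

    /* Read the map back and translate IDs with the same lookup rule the kernel applies. */
    FILE *f = fopen("/proc/self/uid_map", "r");
    if (f) {
        char buf[256];
        size_t len = fread(buf, 1, sizeof buf - 1, f);
        buf[len] = '\0';
        fclose(f);
        struct id_map m[8];
        int n = parse_id_map(buf, m, 8);
        if (n > 0)
            printf("inside uid 0 -> outside %ld; inside uid 1 -> outside %ld (unmapped)\n",
                   map_inside_to_outside(m, n, 0), map_inside_to_outside(m, n, 1));
    }
    return 0;
}
```

Run it as a normal user: the program reports a different user:[...] inode after unshare and an effective UID of 0 inside the namespace, although files it creates are still owned by the original UID outside. Being "root" here grants capabilities only over objects owned by this namespace, which is the property the user namespace post above builds on.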