What it's for
Posted Nov 7, 2007 18:30 UTC (Wed) by corbet
In reply to: Process IDs in a multi-namespace world
Parent article: Process IDs in a multi-namespace world
The idea behind containers is to give the contained processes the illusion of having the system to themselves. It's a security and isolation thing; in a complete container implementation it should be possible to give root privileges to a contained process and not have problems outside of the container. That clearly would not be the case if contained processes could see (and operate upon) processes running elsewhere in the system.
to post comments)