The kernel Linux provides a number of shared facilities that are available to processes in the system. These facilities include a shared view on the file system, other processes, network devices, user and group identities, and a few others. Since Linux 3.19 a user can choose to unshare some of these shared facilities for selected processes, providing them (and their child processes) with a different view on the system.
A process with an unshared mount namespace, for example, has its own view on the file system — it will only be able to see directories that have been explicitly bound in its mount namespace. A process with its own proc namespace will consider itself to be the only process running on the system, running as PID 1.
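The PID-namespace behaviour described above, as an added example that is not part of the cookbook: this C program (an assumption: it is run on Linux as an unprivileged user, where user namespaces are enabled) unshares the user and PID namespaces with unshare(2), forks, and lets the child report the PID it sees for itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unshare the user and PID namespaces, fork once, and return the PID the
   child sees for itself: 1 when the child really is the "init" of its new
   PID namespace, or -errno when the kernel refuses (user namespaces
   disabled, a seccomp policy forbidding unshare, a multithreaded caller). */
int pid_seen_in_new_pid_namespace(void)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -errno;

    /* CLONE_NEWUSER comes first: an unprivileged process may create a user
       namespace and holds CAP_SYS_ADMIN inside it, which CLONE_NEWPID needs.
       The new PID namespace applies to the caller's *children*, not to the
       caller itself, so a fork is required to observe it. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWPID) == -1) {
        int err = errno;
        close(fds[0]); close(fds[1]);
        return -err;
    }

    pid_t child = fork();
    if (child == -1) {
        int err = errno;
        close(fds[0]); close(fds[1]);
        return -err;
    }
    if (child == 0) {
        /* Inside the namespace: getpid() returns 1, as for an init process. */
        pid_t me = getpid();
        close(fds[0]);
        _exit(write(fds[1], &me, sizeof me) == (ssize_t)sizeof me ? 0 : 1);
    }
    close(fds[1]);
    pid_t seen = -1;
    ssize_t n = read(fds[0], &seen, sizeof seen);
    close(fds[0]);
    waitpid(child, NULL, 0);
    return n == (ssize_t)sizeof seen ? (int)seen : -EIO;
}

int main(void)
{
    int r = pid_seen_in_new_pid_namespace();
    if (r > 0) printf("child sees itself as PID %d\n", r);
    else printf("namespace creation failed: %s\n", strerror(-r));
    return 0;
}
```

The function is meant to be called once per process: after the child (the namespace's PID 1) exits, further forks from the same caller fail, which is the same reason a Guix container ends when its first process does.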
Guix uses these kernel features to provide fully isolated environments and even complete Guix System containers, lightweight virtual machines that share the host system’s kernel. This feature comes in especially handy when using Guix on a foreign distribution to prevent interference from foreign libraries or configuration files that are available system-wide.