Containers can be isolated using Linux namespaces or cgroups.

Linux namespaces serve to limit what the containers can see. Isolation happens on the user, filesystem or process level.

[[cgroups]] are used to limit resource usage.

## Links:

**implemented by**:: [[Linux Kernel also has namespaces for isolation]]
:::**part of**:: [[CKS]]


202403241200