Hi internals, Linux namespaces have been around for a long time and in recent years their usage has increased dramatically with the popularization of containers. Modern browsers also make use of them to sandbox certain processes and so on. To quote an introduction to the subject:
The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. One of the overall goals of namespaces is to support the implementation of containers, a tool for lightweight virtualization (as well as other purposes) that provides a group of processes with the illusion that they are the only processes on the system. - from https://lwn.net/Articles/531114/ I think it can be useful for a language to expose this functionality to the users for that kind of purpose (ie. run a security sensitive task in isolation, simulate certain conditions like no network access, etc..). For that end, I've put forward https://github.com/php/php-src/pull/3760 which provides an implementation of `pcntl_unshare(int $flags): bool`. And I'm looking for some feedback if anyone would oppose the introduction of this function (and probably `setns` next). Regards, Pedro
