I work on an application with several processes, and I've been asked to contain those processes to achieve more isolation.
The problem is that the processes share memory with a single "hypervisor" process in order to exchange data (they use classic shared buffers). This solution was implemented to meet a performance requirement, and because it runs in user space, so there is no context switching between user space and kernel space.
If I'm not wrong, it is not possible to run more than one Docker container inside a single IPC namespace, but I don't know whether a single Docker container can belong to different IPC namespaces; this could solve my problem.
Other solutions are welcome, just keep in mind that performance is a requirement. Thanks in advance.
The --ipc=host and --ipc=container:id options have since been added to the Docker create and run commands to share IPC resources.
--ipc="" : Set the IPC mode for the container,
    'container:<name|id>': reuses another container's IPC namespace
    'host': use the host's IPC namespace inside the container
IPC with the host
docker run --ipc=host <image>
IPC with another container
docker run --ipc=container:<id> <image>
IPC with another container may need the shareable option set on the initial container (if dockerd defaults IPC to private)
docker run --ipc=shareable <image>
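An added example, not part of the original answer: a small audit over `docker inspect` output that reports which containers share an IPC namespace through `container:<id>` and flags the ones that fall back to the host's namespace or join a donor that is not shareable. The container names and IDs are constructed sample data, and the sketch assumes the mode is read from the `HostConfig.IpcMode` field, whose reference may be a name, a full ID or an ID prefix.

```python
import json

# Constructed sample shaped like `docker inspect` output (only the fields used here).
SAMPLE = json.loads("""[
 {"Id": "aaa111", "Name": "/hypervisor", "HostConfig": {"IpcMode": "shareable"}},
 {"Id": "bbb222", "Name": "/worker1", "HostConfig": {"IpcMode": "container:aaa111"}},
 {"Id": "ccc333", "Name": "/worker2", "HostConfig": {"IpcMode": "container:hypervisor"}},
 {"Id": "ddd444", "Name": "/legacy", "HostConfig": {"IpcMode": "host"}},
 {"Id": "eee555", "Name": "/web", "HostConfig": {"IpcMode": "private"}},
 {"Id": "fff666", "Name": "/stray", "HostConfig": {"IpcMode": "container:eee555"}}
]""")

def short(container):
    return container["Name"].lstrip("/")

def find_owner(ref, containers):
    """Resolve a container:<ref> target by name, full ID or ID prefix."""
    for c in containers:
        if ref == short(c) or c["Id"].startswith(ref):
            return c
    return None

def audit_ipc(containers):
    """Return (groups, findings): IPC sharing groups and settings to review."""
    groups, findings = {}, []
    for c in containers:
        mode = c["HostConfig"].get("IpcMode", "")
        if mode == "host":
            # Host IPC exposes the host's shared memory and queues to the container.
            findings.append((short(c), "uses the host IPC namespace"))
        elif mode.startswith("container:"):
            ref = mode.split(":", 1)[1]
            owner = find_owner(ref, containers)
            if owner is None:
                findings.append((short(c), "joins unknown container " + ref))
            elif owner["HostConfig"].get("IpcMode") == "private":
                findings.append((short(c), "donor " + short(owner) + " is private, not shareable"))
            else:
                groups.setdefault(short(owner), [short(owner)]).append(short(c))
    return groups, findings

if __name__ == "__main__":
    groups, findings = audit_ipc(SAMPLE)
    for owner, members in groups.items():
        print("shared IPC namespace owned by", owner, "->", ", ".join(members))
    for name, issue in findings:
        print("REVIEW", name + ":", issue)
```

On a real host, feed it the JSON from `docker inspect $(docker ps -aq)` in place of `SAMPLE`.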