A relatively new Linux kernel feature required for using labels to define the boundaries of network resources used by containers that share resources from Linux instances and hosts.
Namespaces and cgroups are two of the principal technologies in Linux that support containers. Cgroups confine the system resources that a container can use. Namespaces define and limit the system resources that any process running in that namespace can see. There are six kinds of namespaces, user being one and network another. A network namespace provides a new network stack for all the processes running in it: network interfaces, routing tables, and iptables rules.
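
The boundary described above can be checked from the host: Linux exposes each process's network namespace as the symlink `/proc/<pid>/ns/net`, and processes whose links carry the same inode number share one network stack. The Python below is an added example, not part of the original page; the function names and the sample PIDs and inode numbers are constructed for illustration.

```python
import os
import re
from collections import defaultdict

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/<type> symlink target such as 'net:[4026531992]'."""
    m = NS_LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_ns_links(proc="/proc", ns_type="net"):
    """Return {pid: link target} for every process whose namespace link is readable."""
    links = {}
    if not os.path.isdir(proc):
        return links
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            links[int(entry)] = os.readlink(os.path.join(proc, entry, "ns", ns_type))
        except OSError:
            continue  # process exited, or we lack permission to read its link
    return links

def group_by_namespace(links):
    """Group PIDs by namespace inode; PIDs in one group share one network stack."""
    groups = defaultdict(list)
    for pid, target in links.items():
        groups[parse_ns_link(target)[1]].append(pid)
    return {inode: sorted(pids) for inode, pids in groups.items()}

def shares_namespace_with(links, reference_pid):
    """PIDs other than reference_pid that live in reference_pid's namespace."""
    ref = parse_ns_link(links[reference_pid])[1]
    return sorted(p for p, t in links.items()
                  if p != reference_pid and parse_ns_link(t)[1] == ref)

# Constructed sample: PIDs 1 and 812 on the host stack, 2301 and 2302 in a container.
SAMPLE = {1: "net:[4026531992]", 812: "net:[4026531992]",
          2301: "net:[4026532457]", 2302: "net:[4026532457]"}

if __name__ == "__main__":
    links = read_ns_links() or SAMPLE  # fall back to the sample off Linux
    for inode, pids in sorted(group_by_namespace(links).items()):
        print(f"net:[{inode}] -> {len(pids)} process(es): {pids[:10]}")
```

A containerized process that shows up in the same group as PID 1 is using the host's interfaces, routing tables, and iptables rules rather than its own.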