Commit: 2868f89f PE
Namespaces compatibility list

This document describes the problems a user may have when creating
tasks that live in different namespaces.

Here's the summary. This matrix shows the known problems that
occur when tasks share some namespace (the columns) while living
in different other namespaces (the rows):

        UTS     IPC     VFS     PID     User    Net
UTS      X
IPC              X       1
VFS                      X
PID              1       1       X
User             2       2               X
Net                                              X

1. Both the IPC and the PID namespaces provide IDs to address
   objects inside the kernel, e.g. a semaphore with its IPC ID or
   a process group with its pid.

   In both cases, tasks shouldn't try exposing this ID to some
   other task living in a different namespace via a shared filesystem
   or IPC shmem/message. The fact is that this ID is only valid
   within the namespace it was obtained in and may refer to some
   other object in another namespace.

2. By design, two equal user IDs in different user namespaces
   should not be equal from the VFS point of view. In other
   words, user 10 in one user namespace shouldn't have the same
   access permissions to files belonging to user 10 in another
   namespace.

   The same is true for the IPC namespaces being shared: two users
   from different user namespaces should not access the same IPC objects
   even if they have equal UIDs.

   But currently this is not so.

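The matrix and its two notes can be turned into a check over two tasks' namespace sets. The following is an added example, not part of the original document or of the kernel tree: it assumes the VFS column corresponds to the `mnt` entry under `/proc/<pid>/ns`, its function names are hypothetical, and the namespace links in the sample are constructed.

```python
import os
import re

# The document's matrix as (namespace that differs, namespace that is shared)
# -> note number. "mnt" stands in for the VFS column (assumption of this example).
KNOWN_PROBLEMS = {
    ("ipc", "mnt"): 1, ("pid", "ipc"): 1, ("pid", "mnt"): 1,
    ("user", "ipc"): 2, ("user", "mnt"): 2,
}
NS_TYPES = ("uts", "ipc", "mnt", "pid", "user", "net")
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(links):
    """Map readlink output such as 'pid:[4026531836]' to {type: inode}."""
    result = {}
    for link in links:
        match = NS_LINK.match(link.strip())
        if match is None:
            raise ValueError(f"not a namespace link: {link!r}")
        result[match.group(1)] = int(match.group(2))
    return result

def read_task_namespaces(pid):
    """Read a live task's namespaces from /proc/<pid>/ns (Linux only)."""
    return parse_ns_links(os.readlink(f"/proc/{pid}/ns/{t}") for t in NS_TYPES)

def known_problems(ns_a, ns_b):
    """Return sorted (differs, shared, note) tuples for two namespace maps."""
    common = ns_a.keys() & ns_b.keys()
    shared = {t for t in common if ns_a[t] == ns_b[t]}
    differs = common - shared
    return sorted((d, s, note) for (d, s), note in KNOWN_PROBLEMS.items()
                  if d in differs and s in shared)

# Constructed sample: a service task and a sandboxed task that was given the
# service's IPC namespace but its own PID, user, mount, net and UTS namespaces.
SERVICE_TASK = ["uts:[4026531838]", "ipc:[4026531839]", "mnt:[4026531841]",
                "pid:[4026531836]", "user:[4026531837]", "net:[4026531840]"]
SANDBOX_TASK = ["uts:[4026532301]", "ipc:[4026531839]", "mnt:[4026532299]",
                "pid:[4026532302]", "user:[4026532298]", "net:[4026532304]"]

if __name__ == "__main__":
    pairs = known_problems(parse_ns_links(SERVICE_TASK), parse_ns_links(SANDBOX_TASK))
    for differs, shared, note in pairs:
        print(f"share {shared}, differ in {differs}: see note {note}")
```

For the constructed pair, the shared IPC namespace combined with separate PID and user namespaces yields one hit for note 1 and one for note 2.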