Pavel Emelyanov | 2868f89 | 2007-11-28 16:21:39 -0800

Namespaces compatibility list

This document describes the problems a user may run into when
creating tasks that live in different namespaces.

Here's the summary. This matrix shows the known problems that
occur when tasks share some namespace (the columns) while living
in different other namespaces (the rows):

        UTS     IPC     VFS     PID     User    Net
UTS      X
IPC              X       1
VFS                      X
PID              1       1       X
User             2       2               X
Net                                              X

1. Both the IPC and the PID namespaces provide IDs to address
   objects inside the kernel, e.g. a semaphore with an IPC ID or a
   process group with a pid.

   In both cases, tasks shouldn't try to expose this ID to some
   other task living in a different namespace via a shared filesystem
   or IPC shmem/message. The ID is only valid within the namespace
   it was obtained in and may refer to some other object in another
   namespace.

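One way to guard against the problem in note 1, shown as an added example (not part of the original document or of the kernel sources): a task that must publish a PID through a shared file or shmem segment tags it with the identity of its PID namespace, and the reader refuses the PID unless its own namespace matches. The record format "pid=<n> ns=<dev>:<ino>" and all helper names are hypothetical; the namespace identity is taken from stat() on /proc/self/ns/pid.

```c
/* Added example; record format and helper names are hypothetical. */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

struct pid_ref {
    long pid;                /* PID as seen by the writer */
    unsigned long long dev;  /* st_dev of the writer's /proc/self/ns/pid */
    unsigned long long ino;  /* st_ino of the writer's /proc/self/ns/pid */
};

/* Identity of the caller's PID namespace; returns 0 on success. */
static int current_pid_ns(unsigned long long *dev, unsigned long long *ino)
{
    struct stat st;
    if (stat("/proc/self/ns/pid", &st) != 0)
        return -1;
    *dev = (unsigned long long)st.st_dev;
    *ino = (unsigned long long)st.st_ino;
    return 0;
}

/* Parse "pid=<n> ns=<dev>:<ino>" (constructed format); 0 on success. */
static int pid_ref_parse(const char *rec, struct pid_ref *out)
{
    char extra;
    if (sscanf(rec, "pid=%ld ns=%llu:%llu%c",
               &out->pid, &out->dev, &out->ino, &extra) != 3)
        return -1;
    return out->pid > 0 ? 0 : -1;
}

/* The PID is only meaningful in the namespace that issued it. */
static int pid_ref_usable(const struct pid_ref *r,
                          unsigned long long dev, unsigned long long ino)
{
    return r->dev == dev && r->ino == ino;
}

int main(void)
{
    unsigned long long dev, ino;
    char rec[96];
    struct pid_ref r;
    if (current_pid_ns(&dev, &ino) != 0) { perror("/proc/self/ns/pid"); return 1; }
    snprintf(rec, sizeof rec, "pid=%ld ns=%llu:%llu", (long)getpid(), dev, ino);
    if (pid_ref_parse(rec, &r) != 0) return 1;
    printf("%s usable here: %d\n", rec, pid_ref_usable(&r, dev, ino));
    return 0;
}
```

The equality check is deliberately conservative: a reader in any other PID namespace, including a parent one, rejects the record instead of interpreting the number in its own namespace.
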
2. By design, two equal user IDs in different user namespaces
   should not be equal from the VFS point of view. In other
   words, user 10 in one user namespace shouldn't have the same
   access permissions to files belonging to user 10 in another
   namespace.

   The same is true when an IPC namespace is shared: two users
   from different user namespaces should not access the same IPC
   objects even if they have equal UIDs.

   But currently this is not so.