=============================
Namespaces compatibility list
=============================

This document contains information about the problems a user
may have when creating tasks living in different namespaces.

Here's the summary. This matrix shows the known problems that
occur when tasks share some namespace (the columns) while living
in different other namespaces (the rows):

==== === === === === ==== ===
-    UTS IPC VFS PID User Net
==== === === === === ==== ===
UTS   X
IPC       X   1
VFS           X
PID       1   1   X
User      2   2       X
Net                       X
==== === === === === ==== ===

1. Both the IPC and the PID namespaces provide IDs to address
   objects inside the kernel. E.g. a semaphore with an IPCID or
   a process group with a pid.

   In both cases, tasks shouldn't try exposing this ID to some
   other task living in a different namespace via a shared filesystem
   or IPC shmem/message. The fact is that this ID is only valid
   within the namespace it was obtained in and may refer to some
   other object in another namespace.

2. Intentionally, two equal user IDs in different user namespaces
   should not be equal from the VFS point of view. In other
   words, user 10 in one user namespace shouldn't have the same
   access permissions to files belonging to user 10 in another
   namespace.

   The same is true for the IPC namespaces being shared - two users
   from different user namespaces should not access the same IPC objects
   even if they have equal UIDs.

   But currently this is not so.
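
The point of note 1, as an added example that is not part of the original kernel document: a bare PID is ambiguous unless it is paired with the PID namespace it was obtained in. The sample data is constructed (host PIDs, task names and namespace inode numbers are made up), and the helper names are hypothetical; the ``NSpid`` field of ``/proc/<pid>/status`` and the ``/proc/<pid>/ns/pid`` link are the real kernel interfaces it models.

```python
import re

# Constructed sample: what a host-side observer might read from
# /proc/<pid>/ns/pid (link target) and /proc/<pid>/status for three tasks.
# NSpid lists the task's PID in each nested PID namespace, outermost first.
SAMPLE_PROC = {
    4120: ("pid:[4026532501]", "Name:\tworker\nPid:\t4120\nNSpid:\t4120\t7\n"),
    5233: ("pid:[4026532777]", "Name:\tlogger\nPid:\t5233\nNSpid:\t5233\t7\n"),
    812: ("pid:[4026531836]", "Name:\tsshd\nPid:\t812\nNSpid:\t812\n"),
}


def nspid(status_text):
    """Return the NSpid chain as a list of ints (outermost namespace first)."""
    m = re.search(r"^NSpid:\s+(.*)$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no NSpid line (field exists since Linux 4.1)")
    return [int(field) for field in m.group(1).split()]


def build_index(proc):
    """Map (PID namespace id, PID inside that namespace) -> host PID."""
    index = {}
    for host_pid, (ns_link, status) in proc.items():
        # The last NSpid entry is the PID in the task's own namespace,
        # which is the namespace that /proc/<pid>/ns/pid identifies.
        index[(ns_link, nspid(status)[-1])] = host_pid
    return index


def resolve(index, ns_link, inner_pid):
    """Translate a PID obtained inside ns_link into a host PID.

    Returns None when that namespace has no task with this PID.
    """
    return index.get((ns_link, inner_pid))


def candidates(index, inner_pid):
    """All host PIDs a bare number could mean when its namespace is unknown."""
    return sorted(h for (_, p), h in index.items() if p == inner_pid)
```

Here PID 7 written to a shared file by ``worker`` names host task 4120, while the same number read by a task in ``logger``'s namespace names host task 5233.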