2019-04-18 23:43:16 +08:00
|
|
|
=============================
|
|
|
|
Namespaces compatibility list
|
|
|
|
=============================
|
2007-11-29 08:21:39 +08:00
|
|
|
|
|
|
|
This document contains the information about the problems user
|
|
|
|
may have when creating tasks living in different namespaces.
|
|
|
|
|
|
|
|
Here's the summary. This matrix shows the known problems, that
|
|
|
|
occur when tasks share some namespace (the columns) while living
|
|
|
|
in different other namespaces (the rows):
|
|
|
|
|
2019-04-18 23:43:16 +08:00
|
|
|
==== === === === === ==== ===
|
|
|
|
- UTS IPC VFS PID User Net
|
|
|
|
==== === === === === ==== ===
|
2007-11-29 08:21:39 +08:00
|
|
|
UTS X
|
|
|
|
IPC X 1
|
|
|
|
VFS X
|
|
|
|
PID 1 1 X
|
|
|
|
User 2 2 X
|
|
|
|
Net X
|
2019-04-18 23:43:16 +08:00
|
|
|
==== === === === === ==== ===
|
2007-11-29 08:21:39 +08:00
|
|
|
|
|
|
|
1. Both the IPC and the PID namespaces provide IDs to address
|
|
|
|
object inside the kernel. E.g. semaphore with IPCID or
|
|
|
|
process group with pid.
|
|
|
|
|
|
|
|
In both cases, tasks shouldn't try exposing this ID to some
|
|
|
|
other task living in a different namespace via a shared filesystem
|
|
|
|
or IPC shmem/message. The fact is that this ID is only valid
|
|
|
|
within the namespace it was obtained in and may refer to some
|
|
|
|
other object in another namespace.
|
|
|
|
|
|
|
|
2. Intentionally, two equal user IDs in different user namespaces
|
|
|
|
should not be equal from the VFS point of view. In other
|
|
|
|
words, user 10 in one user namespace shouldn't have the same
|
|
|
|
access permissions to files, belonging to user 10 in another
|
|
|
|
namespace.
|
|
|
|
|
|
|
|
The same is true for the IPC namespaces being shared - two users
|
|
|
|
from different user namespaces should not access the same IPC objects
|
|
|
|
even having equal UIDs.
|
|
|
|
|
|
|
|
But currently this is not so.
|