mirror of
https://github.com/torvalds/linux.git
synced 2024-12-29 14:21:47 +00:00
Namespaces compatibility list

This document contains information about the problems a user
may have when creating tasks living in different namespaces.

Here's the summary. This matrix shows the known problems that
occur when tasks share some namespace (the columns) while living
in different other namespaces (the rows):

        UTS   IPC   VFS   PID   User  Net
UTS      X
IPC            X     1
VFS                  X
PID            1     1     X
User           2     2           X
Net                                    X

1. Both the IPC and the PID namespaces provide IDs to address
   objects inside the kernel, e.g. a semaphore with an IPCID or
   a process group with a pid.

   In both cases, tasks shouldn't try exposing this ID to some
   other task living in a different namespace via a shared filesystem
   or IPC shmem/message. The fact is that this ID is only valid
   within the namespace it was obtained in and may refer to some
   other object in another namespace.

2. Intentionally, two equal user IDs in different user namespaces
   should not be equal from the VFS point of view. In other
   words, user 10 in one user namespace shouldn't have the same
   access permissions to files belonging to user 10 in another
   namespace.

   The same is true for the IPC namespaces being shared - two users
   from different user namespaces should not access the same IPC objects
   even if they have equal UIDs.

   But currently this is not so.
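
The matrix above can be turned into a check that reports which of the two noted problems apply to a given pair of tasks. This is an added example, not part of the kernel documentation; it assumes the "VFS" column corresponds to the mount namespace exposed as /proc/<pid>/ns/mnt, and the function names and sample namespace identifiers are constructed for illustration.

```python
import os

# Matrix from the text: (namespace that differs, namespace that is shared) -> note.
# Assumption: "mnt" (the mount namespace link in /proc) stands for the VFS column.
KNOWN_PROBLEMS = {
    ("ipc", "mnt"): 1,
    ("pid", "ipc"): 1,
    ("pid", "mnt"): 1,
    ("user", "ipc"): 2,
    ("user", "mnt"): 2,
}
NAMESPACES = ("uts", "ipc", "mnt", "pid", "user", "net")


def read_namespaces(pid):
    """Return {name: 'type:[inode]'} for a live task, read from /proc/<pid>/ns.

    Reading another task's links needs sufficient privilege over that task.
    """
    return {ns: os.readlink(f"/proc/{pid}/ns/{ns}") for ns in NAMESPACES}


def find_problems(task_a, task_b):
    """List (differs, shared, note) triples from the matrix that fit two tasks."""
    shared = {ns for ns in NAMESPACES if task_a[ns] == task_b[ns]}
    hits = []
    for (differs, common), note in sorted(KNOWN_PROBLEMS.items()):
        # A problem applies when the row namespace differs and the column is shared.
        if differs not in shared and common in shared:
            hits.append((differs, common, note))
    return hits


# Constructed sample: a task with its own PID and user namespaces that
# still shares the IPC and mount namespaces with the host task.
HOST = {"uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
        "user": "user:[4026531837]", "net": "net:[4026531992]"}
CONTAINER = dict(HOST, pid="pid:[4026532201]", user="user:[4026532200]")

if __name__ == "__main__":
    for differs, common, note in find_problems(HOST, CONTAINER):
        print(f"different {differs} ns, shared {common} ns -> note {note}")
```

For live tasks, pass the results of `read_namespaces()` for the two PIDs to `find_problems()` instead of the constructed dictionaries.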