0001 =============================
0002 Namespaces compatibility list
0003 =============================
0004
0005 This document contains the information about the problems user
0006 may have when creating tasks living in different namespaces.
0007
0008 Here's the summary. This matrix shows the known problems, that
0009 occur when tasks share some namespace (the columns) while living
0010 in different other namespaces (the rows):
0011
0012 ==== === === === === ==== ===
0013 - UTS IPC VFS PID User Net
0014 ==== === === === === ==== ===
0015 UTS X
0016 IPC X 1
0017 VFS X
0018 PID 1 1 X
0019 User 2 2 X
0020 Net X
0021 ==== === === === === ==== ===
0022
0023 1. Both the IPC and the PID namespaces provide IDs to address
0024 object inside the kernel. E.g. semaphore with IPCID or
0025 process group with pid.
0026
0027 In both cases, tasks shouldn't try exposing this ID to some
0028 other task living in a different namespace via a shared filesystem
0029 or IPC shmem/message. The fact is that this ID is only valid
0030 within the namespace it was obtained in and may refer to some
0031 other object in another namespace.
0032
0033 2. Intentionally, two equal user IDs in different user namespaces
0034 should not be equal from the VFS point of view. In other
0035 words, user 10 in one user namespace shouldn't have the same
0036 access permissions to files, belonging to user 10 in another
0037 namespace.
0038
0039 The same is true for the IPC namespaces being shared - two users
0040 from different user namespaces should not access the same IPC objects
0041 even having equal UIDs.
0042
0043 But currently this is not so.
