xref: /OK3568_Linux_fs/kernel/Documentation/admin-guide/namespaces/compatibility-list.rst (revision 4882a59341e53eb6f0b4789bf948001014eff981)

=============================
Namespaces compatibility list
=============================

This document contains the information about the problems user
may have when creating tasks living in different namespaces.

Here's the summary. This matrix shows the known problems, that
occur when tasks share some namespace (the columns) while living
in different other namespaces (the rows):

====	===	===	===	===	====	===
-	UTS	IPC	VFS	PID	User	Net
====	===	===	===	===	====	===
UTS	 X
IPC		 X	 1
VFS			 X
PID		 1	 1	 X
User		 2	 2		 X
Net						 X
====	===	===	===	===	====	===

1. Both the IPC and the PID namespaces provide IDs to address
   object inside the kernel. E.g. semaphore with IPCID or
   process group with pid.

   In both cases, tasks shouldn't try exposing this ID to some
   other task living in a different namespace via a shared filesystem
   or IPC shmem/message. The fact is that this ID is only valid
   within the namespace it was obtained in and may refer to some
   other object in another namespace.

2. Intentionally, two equal user IDs in different user namespaces
   should not be equal from the VFS point of view. In other
   words, user 10 in one user namespace shouldn't have the same
   access permissions to files, belonging to user 10 in another
   namespace.

   The same is true for the IPC namespaces being shared - two users
   from different user namespaces should not access the same IPC objects
   even having equal UIDs.

   But currently this is not so.