From: Kirill Korotaev <dev-3ImXcnM4P+0@public.gmane.org>
To: Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Cedric Le Goater <clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Subject: Re: namespaces compatibility list
Date: Tue, 06 Nov 2007 15:36:01 +0300 [thread overview]
Message-ID: <47305FB1.9020403@sw.ru> (raw)
In-Reply-To: <47304729.8000309-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
imho very good idea and we'll have more and more docs there...
(the only issue I see - it would be nice to have cgroups docs in the same place,
though cgroups are not about namespaces directly.)
Acked-By: Kirill Korotaev <dev-3ImXcnM4P+0@public.gmane.org>
Pavel Emelyanov wrote:
> Hi guys!
>
> As you might have seen, recently there was some spontaneous
> discussion about the namespaces-working-together problems.
>
> Ted T'so proposed to create some document that describes what
> problems user may have when he/she creates some new namespace,
> but keeps others shared. I like this idea, so here's the draft
> with the problems I currently have in mind and can describe
> somewhat audibly - the "namespaces compatibility list".
>
> The Documentation/namespaces/ dir is about to contain more
> docs about the namespaces stuff (e.g. I'm going to prepare
> a doc about the pid namespaces, maybe Serge will want to
> write something about the user namespaces development, Eric
> may want to put some notes about the netns API and so on),
> but currently there will be only one file.
>
> What would you say about it?
>
> Signed-off-by: Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
>
> ---
>
> diff --git a/Documentation/namespaces/compatibility-list.txt b/Documentation/namespaces/compatibility-list.txt
> new file mode 100644
> index 0000000..4be4a3c
> --- /dev/null
> +++ b/Documentation/namespaces/compatibility-list.txt
> @@ -0,0 +1,32 @@
> + Namespaces compatibility list
> +
> +This document contains the information about the problems user
> +may have when creating tasks living in different namespaces.
> +
> +Here's the summary. This matrix shows the known problems, that
> +occur when tasks share some namespace (the columns) while living
> +in different other namespaces (the raws):
> +
> + UTS IPC VFS PID User Net
> +UTS
> +IPC 1
> +VFS
> +PID 1 1
> +User 2
> +Net
> +
> +1. Both the IPC and the PID namespaces provide IDs to address
> + object inside the kernel. E.g. semaphore with ipcid or
> + process group with pid.
> +
> + In both cases, tasks shouldn't try telling this id to some
> + other task living in different namespace vid shared filesystem
> + or IPC shmem/message. The fact is that this ID is only valid
> + within the namespace it was obtained in and may refer to some
> + other object in another namespace.
> +
> +2. Intentionnaly, two equal user ids in different user namespaces
> + should not be equal from the VFS point of view. In other
> + words, user 10 in one user namespace shouldn't have the same
> + access permissions to files, beloging to user 10 in another
> + namespace. But currently this is not so.
>
> _______________________________________________
> Containers mailing list
> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
> https://lists.linux-foundation.org/mailman/listinfo/containers
>
next prev parent reply other threads:[~2007-11-06 12:36 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-06 10:51 namespaces compatibility list Pavel Emelyanov
[not found] ` <47304729.8000309-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-11-06 12:36 ` Kirill Korotaev [this message]
2007-11-06 12:54 ` Cedric Le Goater
[not found] ` <4730640D.9030407-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-11-06 13:00 ` Pavel Emelyanov
[not found] ` <4730655C.8000306-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-11-06 16:01 ` Cedric Le Goater
[not found] ` <47308FDB.4010302-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-11-06 16:10 ` Pavel Emelyanov
[not found] ` <473091F9.10406-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-11-06 16:46 ` Cedric Le Goater
[not found] ` <47309A51.1050607-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-11-06 17:00 ` Eric W. Biederman
[not found] ` <m1ejf371hw.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-11-06 17:09 ` Pavel Emelyanov
[not found] ` <47309FAD.90702-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2007-11-06 17:46 ` Eric W. Biederman
2007-11-07 8:20 ` Cedric Le Goater
[not found] ` <4731756A.3060701-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2007-11-07 9:29 ` Pavel Emelyanov
2007-11-07 8:14 ` Cedric Le Goater
2007-11-06 16:36 ` Eric W. Biederman
[not found] ` <m1ode772lx.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-11-06 16:48 ` Cedric Le Goater
2007-11-07 13:49 ` Cedric Le Goater
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47305FB1.9020403@sw.ru \
--to=dev-3imxcnm4p+0@public.gmane.org \
--cc=clg-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox