cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

compatibility-list.rst (1494B)


=============================
Namespaces compatibility list
=============================

This document describes the problems a user may encounter when
creating tasks that live in different namespaces.

Here's the summary. This matrix shows the known problems that
occur when tasks share some namespace (the columns) while living
in different other namespaces (the rows):

====	===	===	===	===	====	===
-	UTS	IPC	VFS	PID	User	Net
====	===	===	===	===	====	===
UTS	 X
IPC		 X	 1
VFS			 X
PID		 1	 1	 X
User		 2	 2		 X
Net						 X
====	===	===	===	===	====	===

1. Both the IPC and the PID namespaces provide IDs to address
   objects inside the kernel, e.g. a semaphore with IPCID or a
   process group with pid.

   In both cases, tasks shouldn't try exposing this ID to some
   other task living in a different namespace via a shared filesystem
   or IPC shmem/message. The reason is that this ID is only valid
   within the namespace it was obtained in and may refer to some
   other object in another namespace.

2. By design, two equal user IDs in different user namespaces
   should not be equal from the VFS point of view. In other
   words, user 10 in one user namespace shouldn't have the same
   access permissions to files belonging to user 10 in another
   namespace.

   The same is true when IPC namespaces are shared: two users
   from different user namespaces should not access the same IPC objects
   even if they have equal UIDs.

   But currently this is not so.
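
Added example (not part of the kernel document): one way to follow note 1 is to never pass a bare PID across a shared file or IPC message, but to tag it with the identity of the PID namespace it was obtained in, which namespaces(7) documents as the device and inode numbers of ``/proc/self/ns/pid``. The struct and function names are hypothetical, and the foreign record in ``main()`` is constructed.

```c
#include <stdio.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical record: a PID plus the namespace that issued it. */
struct ns_pid {
    uint64_t ns_dev;   /* st_dev of /proc/self/ns/pid at the sender */
    uint64_t ns_ino;   /* st_ino of /proc/self/ns/pid at the sender */
    pid_t    pid;
};

/* Identity of the caller's PID namespace; 0 on success, -1 on error. */
int current_pid_ns(uint64_t *dev, uint64_t *ino)
{
    struct stat st;
    if (stat("/proc/self/ns/pid", &st) != 0)
        return -1;
    *dev = (uint64_t)st.st_dev;
    *ino = (uint64_t)st.st_ino;
    return 0;
}

/* Return the PID only if it was issued in namespace (dev, ino), else -1. */
pid_t ns_pid_resolve(const struct ns_pid *m, uint64_t dev, uint64_t ino)
{
    if (m->ns_dev != dev || m->ns_ino != ino)
        return -1;   /* foreign namespace: the number may name another task */
    return m->pid;
}

int main(void)
{
    uint64_t dev, ino;
    if (current_pid_ns(&dev, &ino) != 0) {
        perror("/proc/self/ns/pid");
        return 1;
    }
    struct ns_pid own = { dev, ino, getpid() };
    struct ns_pid foreign = { dev, ino + 1, 1 };  /* constructed sample */
    printf("own record resolves to     %d\n", (int)ns_pid_resolve(&own, dev, ino));
    printf("foreign record resolves to %d\n", (int)ns_pid_resolve(&foreign, dev, ino));
    return 0;
}
```

The same tagging works for IPC IDs by reading ``/proc/self/ns/ipc`` instead.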