2 files changed, 41 insertions, 0 deletions
diff --git a/Documentation/00-INDEX b/Documentation/00-INDEX
index 299615d821ac..c3014df066c4 100644
--- a/Documentation/00-INDEX
+++ b/Documentation/00-INDEX
@@ -262,6 +262,8 @@ mtrr.txt
        - how to use PPro Memory Type Range Registers to increase performance.
 mutex-design.txt
        - info on the generic mutex subsystem.
+namespaces/
+        - directory with various information about namespaces
 nbd.txt
        - info on a TCP implementation of a network block device.
 netlabel/
diff --git a/Documentation/namespaces/compatibility-list.txt b/Documentation/namespaces/compatibility-list.txt
new file mode 100644
index 000000000000..defc5589bfcd
--- /dev/null
+++ b/Documentation/namespaces/compatibility-list.txt
@@ -0,0 +1,39 @@
+        Namespaces compatibility list
+This document contains the information about the problems user
+may have when creating tasks living in different namespaces.
+Here's the summary. This matrix shows the known problems, that
+occur when tasks share some namespace (the columns) while living
+in different other namespaces (the rows):
+        UTS     IPC     VFS     PID     User    Net
+UTS      X
+IPC              X       1
+VFS                      X
+PID              1       1       X
+User             2       2               X
+Net                                              X
+1. Both the IPC and the PID namespaces provide IDs to address
+   object inside the kernel. E.g. semaphore with IPCID or
+   process group with pid.
+   In both cases, tasks shouldn't try exposing this ID to some
+   other task living in a different namespace via a shared filesystem
+   or IPC shmem/message. The fact is that this ID is only valid
+   within the namespace it was obtained in and may refer to some
+   other object in another namespace.
+2. Intentionally, two equal user IDs in different user namespaces
+   should not be equal from the VFS point of view. In other
+   words, user 10 in one user namespace shouldn't have the same
+   access permissions to files, belonging to user 10 in another
+   namespace.
+   The same is true for the IPC namespaces being shared - two users
+   from different user namespaces should not access the same IPC objects
+   even having equal UIDs.
+   But currently this is not so.

diff --git a/Documentation/00-INDEX b/Documentation/00-INDEX index 299615d821ac..c3014df066c4 100644 --- a/Documentation/00-INDEX +++ b/Documentation/00-INDEX
@@ -262,6 +262,8 @@ mtrr.txt
262	- how to use PPro Memory Type Range Registers to increase performance.	262	- how to use PPro Memory Type Range Registers to increase performance.
263	mutex-design.txt	263	mutex-design.txt
264	- info on the generic mutex subsystem.	264	- info on the generic mutex subsystem.
		265	namespaces/
		266	- directory with various information about namespaces
265	nbd.txt	267	nbd.txt
266	- info on a TCP implementation of a network block device.	268	- info on a TCP implementation of a network block device.
267	netlabel/	269	netlabel/


diff --git a/Documentation/namespaces/compatibility-list.txt b/Documentation/namespaces/compatibility-list.txt new file mode 100644 index 000000000000..defc5589bfcd --- /dev/null +++ b/Documentation/namespaces/compatibility-list.txt
@@ -0,0 +1,39 @@
		1	Namespaces compatibility list
		2
		3	This document contains the information about the problems user
		4	may have when creating tasks living in different namespaces.
		5
		6	Here's the summary. This matrix shows the known problems, that
		7	occur when tasks share some namespace (the columns) while living
		8	in different other namespaces (the rows):
		9
		10	UTS IPC VFS PID User Net
		11	UTS X
		12	IPC X 1
		13	VFS X
		14	PID 1 1 X
		15	User 2 2 X
		16	Net X
		17
		18	1. Both the IPC and the PID namespaces provide IDs to address
		19	object inside the kernel. E.g. semaphore with IPCID or
		20	process group with pid.
		21
		22	In both cases, tasks shouldn't try exposing this ID to some
		23	other task living in a different namespace via a shared filesystem
		24	or IPC shmem/message. The fact is that this ID is only valid
		25	within the namespace it was obtained in and may refer to some
		26	other object in another namespace.
		27
		28	2. Intentionally, two equal user IDs in different user namespaces
		29	should not be equal from the VFS point of view. In other
		30	words, user 10 in one user namespace shouldn't have the same
		31	access permissions to files, belonging to user 10 in another
		32	namespace.
		33
		34	The same is true for the IPC namespaces being shared - two users
		35	from different user namespaces should not access the same IPC objects
		36	even having equal UIDs.
		37
		38	But currently this is not so.
		39