The core of the user namespace is just separate uid tables so
that uid 500 can refer to different users in different virtual
servers.
Uids are compared to mediate various operations including file
accesses and signaling. They are complicated by the fact that
uid 0 is usually allowed to circumvent these checks.
The current set of patches makes some assumptions which have
so far been rejected:
- that user ns would typically be unshared along with
  pid ns, and therefore normal signals (kill -9 112)
  to another user ns would be prevented by pidspaces.
  (signals generated by use of f_setsig+f_setown+io
  would not be prevented this way and are handled
  specially)
- (let me think about what 2 really was and how to phrase it)
It has been deemed preferable by some to take a different approach,
slowly augmenting all (uid1==uid2) checks with (uid1==uid2 && uidns1==uidns2)
before actually defining uid namespaces.
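As an added illustration (not code from the notes above or from the kernel patches they discuss), the following user-space C model contrasts the flat (uid1==uid2) comparison with the augmented (uid1==uid2 && uidns1==uidns2) one, and applies both to a simplified signal-permission rule that includes the "uid 0 may circumvent" case. The namespace ids, the cred layout and the rule that root only overrides within its own namespace are assumptions of this model, not the kernel's actual data structures or policy.

```c
/* Added example: user-space model of uid comparison with and without
 * namespace awareness. Not the kernel's code; names and the signal rule
 * are assumptions of this model. */
#include <stdbool.h>
#include <stdio.h>

/* A user namespace is modelled as an opaque identity; two distinct
 * namespaces are two distinct uid tables. */
struct user_ns {
    unsigned int id;
};

/* A credential: a uid number that is only meaningful inside its table. */
struct cred_model {
    unsigned int uid;
    const struct user_ns *ns;
};

/* Pre-namespace check: two uids denote the same user iff the numbers match. */
static bool same_user_flat(const struct cred_model *a, const struct cred_model *b)
{
    return a->uid == b->uid;
}

/* Augmented check from the notes: numbers must match AND both must come
 * from the same uid table. uid 500 in two namespaces are different users. */
static bool same_user_ns(const struct cred_model *a, const struct cred_model *b)
{
    return a->uid == b->uid && a->ns == b->ns;
}

/* Simplified signal permission: same user, or sender is uid 0 (which the
 * notes say usually circumvents such checks). Flat version: any uid 0. */
static bool may_signal_flat(const struct cred_model *sender, const struct cred_model *target)
{
    return sender->uid == 0 || same_user_flat(sender, target);
}

/* Namespaced version: uid 0 only overrides inside its own namespace
 * (assumption of this model), otherwise the augmented comparison applies. */
static bool may_signal_ns(const struct cred_model *sender, const struct cred_model *target)
{
    bool root_in_target_ns = sender->uid == 0 && sender->ns == target->ns;
    return root_in_target_ns || same_user_ns(sender, target);
}

/* Constructed sample namespaces and credentials for the demonstration. */
static const struct user_ns ns_a = { 1 };
static const struct user_ns ns_b = { 2 };

static void show(const char *label, const struct cred_model *s, const struct cred_model *t)
{
    printf("%-28s flat=%d namespaced=%d\n", label,
           may_signal_flat(s, t), may_signal_ns(s, t));
}

int main(void)
{
    struct cred_model u500_a = { 500, &ns_a };
    struct cred_model u500_b = { 500, &ns_b };
    struct cred_model root_a = { 0, &ns_a };
    struct cred_model root_b = { 0, &ns_b };

    /* Same number, different tables: flat check says "same user",
     * augmented check does not. */
    show("500@A -> 500@B", &u500_a, &u500_b);
    /* Root in another namespace: flat check lets it through,
     * augmented check does not. */
    show("root@B -> 500@A", &root_b, &u500_a);
    /* Root in the target's own namespace still circumvents the check. */
    show("root@A -> 500@A", &root_a, &u500_a);
    /* Same user in the same namespace is allowed by both. */
    show("500@A -> 500@A", &u500_a, &u500_a);
    return 0;
}
```

The point the augmented check makes concrete is that the uid number alone is not an identity once several uid tables exist; every comparison site has to carry the namespace along, which is why the notes describe augmenting each (uid1==uid2) check one by one.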