|
| 1 | +:::{note} |
| 2 | +**AI Translation Notice** |
| 3 | + |
| 4 | +This document was automatically translated by `hunyuan-turbos-latest` model, for reference only. |
| 5 | + |
| 6 | +- Source document: kernel/ipc/ipc_namespace.md |
| 7 | + |
| 8 | +- Translation time: 2025-09-24 08:16:12 |
| 9 | + |
| 10 | +- Translation model: `hunyuan-turbos-latest` |
| 11 | + |
| 12 | +Please report issues via [Community Channel](https://github.com/DragonOS-Community/DragonOS/issues) |
| 13 | + |
| 14 | +::: |
| 15 | + |
| 16 | +# IPC Namespace |
| 17 | + |
| 18 | +:::{note} |
| 19 | + |
| 20 | +Author: longjin <[email protected]> |
| 21 | + |
| 22 | +::: |
| 23 | + |
| 24 | +This page describes the current support status and future plans for IPC namespaces in DragonOS. The goal is to expose semantics consistent with Linux to users while gradually improving upon DragonOS's existing framework. |
| 25 | + |
| 26 | +## Supported Features |
| 27 | +- Integration of IpcNamespace object with NsProxy: |
| 28 | + - Added `IpcNamespace` and connected to `NsProxy`, allowing each task to access its associated IPC namespace via `nsproxy.ipc_ns`. |
| 29 | + - Namespace creation/inheritance follows `clone/unshare` semantics: |
| 30 | + - Inherits the parent namespace when `CLONE_NEWIPC` is not included; |
| 31 | + - Creates an independent IPC namespace when `CLONE_NEWIPC` is included; |
| 32 | + - Mutually exclusive with `CLONE_SYSVSEM`, with behavior consistent with Linux. |
| 33 | + |
| 34 | +- SysV SHM (Shared Memory) isolated by namespace: |
| 35 | + - Refactored the original global `SHM_MANAGER` into per-ns `ShmManager`, with all `shmget/shmat/shmdt/shmctl` taking effect under `current.nsproxy.ipc_ns`. |
| 36 | + - `shmat`/`shmdt`: VMA records `ShmId`, precisely maintaining `map_count` during unmapping; after `IPC_RMID`, physical reclamation is completed when `SHM_DEST && map_count==0`. |
| 37 | + - Basic semantics and error codes aligned: `IPC_CREAT|IPC_EXCL`, `ENOENT`, rejection of `SHM_HUGETLB`, etc. |
| 38 | + |
| 39 | +- Basic test cases: (in `test_ipc_ns_shm.rs`) |
| 40 | + |
| 41 | + - After `unshare(CLONE_NEWIPC)`, keys in parent/child namespaces are not visible; |
| 42 | + - Same keys across namespaces do not conflict; |
| 43 | + - After `IPC_RMID`, the same key can be recreated; |
| 44 | + - Outputs PASS/FAIL and summary results. |
| 45 | + |
| 46 | +## Not Yet Implemented / Planned |
| 47 | +- `/proc/[pid]/ns/ipc` and `setns`: |
| 48 | + - Temporarily postponed, with only planning for read-only placeholders and the simplest `setns` path; permission validation and switching sequencing will be added in subsequent versions. |
| 49 | + |
| 50 | +- Other SysV IPC subsystems: |
| 51 | + - `msg/sem` framework not yet incorporated; UNDO lists for `sem` and coordination with `unshare/setns` need to be implemented simultaneously when introduced. |
| 52 | + |
| 53 | +- POSIX mqueue: |
| 54 | + - Per-ns mqueuefs kernel mounting, quotas, and sysctl not yet provided. |
| 55 | + |
| 56 | +- Permissions and quotas: |
| 57 | + - `ipcperms()`, `ns_capable(user_ns, CAP_IPC_OWNER)`; |
| 58 | + - ucounts/RLIMIT and per-ns sysctl such as `/proc/sys/kernel/shm*`. |
| 59 | + |
| 60 | +## Compatibility and Notes |
| 61 | +- At this stage, only SysV SHM provides namespace isolation; other IPC types still operate under global semantics. |
| 62 | +- Code evolves in a modular manner: when adding `msg/sem/mqueue` later, stability and consistency of user-side semantics will be maintained. |
| 63 | + |
| 64 | +## References |
| 65 | +- Code locations: |
| 66 | + - `kernel/src/process/namespace/ipc_namespace.rs` |
| 67 | + - `kernel/src/process/namespace/nsproxy.rs` |
| 68 | + - `kernel/src/ipc/syscall/` within `sys_shm*` |
| 69 | + - `kernel/src/mm/ucontext.rs` (VMA and SHM count maintenance) |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments