[knem-devel] namespace support

Dave Love dave.love at manchester.ac.uk
Tue Sep 3 17:08:14 CEST 2019


Brice Goglin <Brice.Goglin at inria.fr> writes:

> Hello
>
> I have never tested this. I would hope it would work because we have our
> own abstraction to identify processes without namespace-specific PIDs,
> etc. One thing that might need to be checked is the case where UIDs are
> different between namespace, I don't know if that would work (by
> default, regions are only accessible to processes owned by the same user).
>
> Brice

Yes, the question was really whether different uid namespaces are a
potential security issue.  That seems to be a general question for
add-on modules that have anything to do with access control.  (I
wouldn't do that for HPC, of course, but some people think things like
Docker are a good idea on multi-access systems...  It's moot for Docker,
but maybe not for podman et al.)


More information about the knem-devel mailing list