Linux — namespaces: IPC namespace

Shlomi Boutnaru, Ph.D.
2 min read · Jan 11, 2023


In the first part of the series we talked generally about what namespaces are and what we can do with them. In case you want to go over it, you can use the following link: https://medium.com/@boutnaru/linux-namespaces-part-1-dcee9c40fb68. Now we are going to deep dive into the IPC (inter-process communication) namespace.

The goal of the IPC namespace is to isolate IPC resources such as message queues, semaphores and shared memory. This covers both System V IPC objects (https://man7.org/linux/man-pages/man7/sysvipc.7.html) and POSIX message queues (https://man7.org/linux/man-pages/man7/mq_overview.7.html). In order to use “IPC namespaces”, the kernel must be compiled with CONFIG_IPC_NS enabled (https://man7.org/linux/man-pages/man7/ipc_namespaces.7.html).

We can use “/proc” to retrieve information about the different IPC objects in an “IPC namespace”. For POSIX message queues we have “/proc/sys/fs/mqueue”. For System V IPC objects we have “/proc/sysvipc” and specific files in “/proc/sys/kernel” (msgmax, msgmnb, msgmni, sem, shmall, shmmax, shmmni, and shm_rmid_forced). For more information I suggest reading proc’s man page (https://man7.org/linux/man-pages/man5/proc.5.html).

Lastly, all IPC objects created in an “IPC namespace” are visible only to the processes/tasks that are members of the same namespace, as shown in the screenshot below. In the demonstration the namespace was created using “unshare” (https://man7.org/linux/man-pages/man1/unshare.1.html), the IPC resource was created using “ipcmk” (https://man7.org/linux/man-pages/man1/ipcmk.1.html), and information about System V IPC resources was shown using “ipcs” (https://man7.org/linux/man-pages/man1/ipcs.1.html).
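
The demonstration described above as a script, added here as an example that is not part of the original post. It checks visibility through “/proc/sysvipc/shm” instead of reading “ipcs” output; the function names and the sample listing are constructed, and the live check assumes root and the util-linux tools (unshare, ipcmk, ipcrm).

```shell
#!/bin/sh
# Added example; SAMPLE_SHM is a constructed /proc/sysvipc/shm listing.
SAMPLE_SHM='       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime        rss       swap
  19088743      32768   644       4096  1234  1234      0  1000  1000  1000  1000          0          0 1673400000          0          0
 305419896          3   600       8192  1300  1301      1     0     0     0     0 1673400100          0 1673400050       8192          0'

# Print the shmid column (2nd field) of a listing read from stdin.
shm_ids() {
    awk 'NR > 1 { print $2 }'
}

# Succeed only if shmid $1 is present in the listing read from stdin.
has_shmid() {
    awk -v id="$1" 'NR > 1 && $2 == id { found = 1 } END { exit !found }'
}

# Live check (root needed for unshare --ipc): create a segment here, then
# look for it from this namespace and from a newly created one.
demo() {
    out=$(ipcmk -M 4096) || return 1      # prints "Shared memory id: N"
    id=${out##* }
    echo "created shmid $id in $(readlink /proc/self/ns/ipc)"
    has_shmid "$id" < /proc/sysvipc/shm && echo "visible where it was created"

    # One unshare call: first output line is the new namespace's identity,
    # the rest is that namespace's own view of /proc/sysvipc/shm.
    view=$(unshare --ipc sh -c 'readlink /proc/self/ns/ipc; cat /proc/sysvipc/shm')
    new_ns=$(printf '%s\n' "$view" | head -n 1)
    if printf '%s\n' "$view" | tail -n +2 | has_shmid "$id"; then
        echo "shmid $id is visible from $new_ns"; rc=1
    else
        echo "shmid $id is not visible from $new_ns"; rc=0
    fi
    ipcrm -m "$id"                         # remove the test segment
    return "$rc"
}

# Run the live check only when asked for: sh ipcns_check.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

A non-zero exit status from the live check means the segment was visible from the new namespace, which is the condition to alert on when verifying that a sandbox or container really has its own IPC namespace.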

See you next time. You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru).
