From 269012b827325d61c9ce2d1f0d432ac3e678c211 Mon Sep 17 00:00:00 2001 From: "Enrico Weigelt, metux IT consult" Date: Fri, 30 May 2025 14:21:56 +0200 Subject: [PATCH] Xnamespace: add some documentation Signed-off-by: Enrico Weigelt, metux IT consult --- doc/Xnamespace.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 doc/Xnamespace.md diff --git a/doc/Xnamespace.md b/doc/Xnamespace.md new file mode 100644 index 000000000..ce1aecd9f --- /dev/null +++ b/doc/Xnamespace.md @@ -0,0 +1,26 @@ +Xnamespace extension v1.0 +========================= + +This extension separates clients into several namespaces (a bit similar to +Linux's kernel namespaces), which are isolated from each other. For example, +namespaces have their own selections and clients cannot directly interact +(send messages) or access other client's resources across namespace borders. + +An exception is the `root` namespace, which completely is unrestricted. + +Configuration +------------- + +Namespaces are defined in a separate configuration file, which is loaded at +server startup (no dynamic provisioning in this version yet). The extension +is enabled when a namespace config is passed to the Xserver via the +`-namespace ` flag. + + +See `Xext/namespace/ns.conf.example` for a configuration file example. + +Authentication / Namespace assignment +------------------------------------- + +Assignment of clients into namespaces is done by the authentication token the +client is using to authenticate. Thus, token authentication needs to enabled.