Documentation for /proc/sys/user/*	kernel version 4.9.0
	(c) 2016		Eric Biederman <ebiederm@xmission.com>

==============================================================

This file contains the documentation for the sysctl files in
/proc/sys/user.

The files in this directory can be used to override the default
limits on the number of namespaces and other objects that have
per-user, per-user-namespace limits.

The primary purpose of these limits is to stop programs that
malfunction and attempt to create a ridiculous number of objects,
before the malfunction becomes a system wide problem.  It is the
intention that the defaults of these limits are set high enough that
no program in normal operation should run into these limits.

The creation of per-user, per-user-namespace objects is charged to
the user in the user namespace who created the object and
verified to be below the per-user limit in that user namespace.

The creation of objects is also charged to all of the users
who created the user namespaces the creation of the object happens
in (user namespaces can be nested) and verified to be below the per-user
limits in the user namespaces of those users.

This recursive counting of created objects ensures that creating a
user namespace does not allow a user to escape their current limits.

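As an added example (not part of the kernel documentation and not the kernel's own code), the following Python models the charging rules in the three paragraphs above: an object created by a uid in some user namespace is counted against that uid there, then against the owner of that namespace in the parent, and so on up to the initial namespace, and the creation fails unless every level stays within its limit. `UserNamespace`, `charge_chain`, `charge`, `uncharge` and `demo` are illustrative names; each namespace carrying its own `limits` dict stands in for that namespace's view of /proc/sys/user, and the uids, limits and namespace names are constructed for the demonstration. The model returns `errno.ENOSPC` on exhaustion, which is the errno unshare(2) and clone(2) report when one of these limits would be exceeded.

```python
# Added example, not part of the kernel documentation: a small model of
# the recursive per-user, per-user-namespace accounting described above.
# UserNamespace, charge_chain(), charge(), uncharge() and demo() are
# illustrative names; the kernel's own objects are not reproduced.
import errno
from dataclasses import dataclass, field


@dataclass
class UserNamespace:
    """One user namespace with its own /proc/sys/user style limits."""
    name: str
    owner_uid: int                    # uid, in the parent ns, of the creator of this ns
    parent: "UserNamespace | None" = None
    limits: dict = field(default_factory=dict)   # sysctl name -> maximum per user
    counts: dict = field(default_factory=dict)   # (uid, sysctl name) -> objects charged


def charge_chain(ns, uid):
    """The (namespace, uid) pairs an object created by `uid` in `ns` is
    charged to: the creator in `ns`, then the creator of `ns` in its
    parent, and so on up to the initial user namespace."""
    chain = []
    while ns is not None:
        chain.append((ns, uid))
        ns, uid = ns.parent, ns.owner_uid   # right-hand side uses the old ns
    return chain


def charge(ns, uid, sysctl):
    """Account one object of kind `sysctl` (e.g. "max_pid_namespaces") to
    `uid` in `ns` and to every ancestor namespace's owner.  Returns 0 if
    every level stays within its limit, otherwise errno.ENOSPC (the errno
    unshare(2) reports when a /proc/sys/user limit is hit), in which case
    nothing is charged."""
    chain = charge_chain(ns, uid)
    # Verify every level first, then commit, so a refused creation leaves
    # all counters unchanged.
    for level, who in chain:
        if level.counts.get((who, sysctl), 0) + 1 > level.limits[sysctl]:
            return errno.ENOSPC
    for level, who in chain:
        level.counts[(who, sysctl)] = level.counts.get((who, sysctl), 0) + 1
    return 0


def uncharge(ns, uid, sysctl):
    """Release one object: decrement the same chain charge() incremented."""
    for level, who in charge_chain(ns, uid):
        level.counts[(who, sysctl)] -= 1


def demo():
    """Show that a generous limit inside a child user namespace does not
    let its owner exceed the limit set for them in the parent (constructed
    uids and limits)."""
    init = UserNamespace("init", owner_uid=0,
                         limits={"max_user_namespaces": 10,
                                 "max_pid_namespaces": 2})
    # uid 1000 creates a child user namespace; that creation is itself
    # charged to uid 1000 in the init namespace.
    assert charge(init, 1000, "max_user_namespaces") == 0
    child = UserNamespace("child", owner_uid=1000, parent=init,
                          limits={"max_user_namespaces": 1000,
                                  "max_pid_namespaces": 1000})
    # Inside the child, uid 5000 creates pid namespaces.  Each one is
    # charged to 5000 in `child` AND to 1000 in `init`, where
    # max_pid_namespaces is 2, so the third attempt is refused even though
    # the child's own limit is 1000.
    results = [charge(child, 5000, "max_pid_namespaces") for _ in range(3)]
    return {
        "results": results,                       # [0, 0, errno.ENOSPC]
        "child_count": child.counts[(5000, "max_pid_namespaces")],
        "init_count": init.counts[(1000, "max_pid_namespaces")],
        "init_userns_count": init.counts[(1000, "max_user_namespaces")],
    }


if __name__ == "__main__":
    print(demo())
```

The verify-then-commit order in `charge` is a modelling convenience; the observable result (a refused creation changes no counter at any level) is what matters when reasoning about whether a nested namespace can be used to get around a limit set further up.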
Currently, these files are in /proc/sys/user:

- max_cgroup_namespaces

  The maximum number of cgroup namespaces that any user in the current
  user namespace may create.

- max_ipc_namespaces

  The maximum number of ipc namespaces that any user in the current
  user namespace may create.

- max_mnt_namespaces

  The maximum number of mount namespaces that any user in the current
  user namespace may create.

- max_net_namespaces

  The maximum number of network namespaces that any user in the
  current user namespace may create.

- max_pid_namespaces

  The maximum number of pid namespaces that any user in the current
  user namespace may create.

- max_user_namespaces

  The maximum number of user namespaces that any user in the current
  user namespace may create.

- max_uts_namespaces

  The maximum number of uts namespaces that any user in the current
  user namespace may create.