18c2ecf20Sopenharmony_ci================================= 28c2ecf20Sopenharmony_ciDocumentation for /proc/sys/user/ 38c2ecf20Sopenharmony_ci================================= 48c2ecf20Sopenharmony_ci 58c2ecf20Sopenharmony_cikernel version 4.9.0 68c2ecf20Sopenharmony_ci 78c2ecf20Sopenharmony_ciCopyright (c) 2016 Eric Biederman <ebiederm@xmission.com> 88c2ecf20Sopenharmony_ci 98c2ecf20Sopenharmony_ci------------------------------------------------------------------------------ 108c2ecf20Sopenharmony_ci 118c2ecf20Sopenharmony_ciThis file contains the documentation for the sysctl files in 128c2ecf20Sopenharmony_ci/proc/sys/user. 138c2ecf20Sopenharmony_ci 148c2ecf20Sopenharmony_ciThe files in this directory can be used to override the default 158c2ecf20Sopenharmony_cilimits on the number of namespaces and other objects that have 168c2ecf20Sopenharmony_ciper user per user namespace limits. 178c2ecf20Sopenharmony_ci 188c2ecf20Sopenharmony_ciThe primary purpose of these limits is to stop programs that 198c2ecf20Sopenharmony_cimalfunction and attempt to create a ridiculous number of objects, 208c2ecf20Sopenharmony_cibefore the malfunction becomes a system wide problem. It is the 218c2ecf20Sopenharmony_ciintention that the defaults of these limits are set high enough that 228c2ecf20Sopenharmony_cino program in normal operation should run into these limits. 238c2ecf20Sopenharmony_ci 248c2ecf20Sopenharmony_ciThe creation of per user per user namespace objects are charged to 258c2ecf20Sopenharmony_cithe user in the user namespace who created the object and 268c2ecf20Sopenharmony_civerified to be below the per user limit in that user namespace. 278c2ecf20Sopenharmony_ci 288c2ecf20Sopenharmony_ciThe creation of objects is also charged to all of the users 298c2ecf20Sopenharmony_ciwho created user namespaces the creation of the object happens 308c2ecf20Sopenharmony_ciin (user namespaces can be nested) and verified to be below the per user 318c2ecf20Sopenharmony_cilimits in the user namespaces of those users. 328c2ecf20Sopenharmony_ci 338c2ecf20Sopenharmony_ciThis recursive counting of created objects ensures that creating a 348c2ecf20Sopenharmony_ciuser namespace does not allow a user to escape their current limits. 358c2ecf20Sopenharmony_ci 368c2ecf20Sopenharmony_ciCurrently, these files are in /proc/sys/user: 378c2ecf20Sopenharmony_ci 388c2ecf20Sopenharmony_cimax_cgroup_namespaces 398c2ecf20Sopenharmony_ci===================== 408c2ecf20Sopenharmony_ci 418c2ecf20Sopenharmony_ci The maximum number of cgroup namespaces that any user in the current 428c2ecf20Sopenharmony_ci user namespace may create. 438c2ecf20Sopenharmony_ci 448c2ecf20Sopenharmony_cimax_ipc_namespaces 458c2ecf20Sopenharmony_ci================== 468c2ecf20Sopenharmony_ci 478c2ecf20Sopenharmony_ci The maximum number of ipc namespaces that any user in the current 488c2ecf20Sopenharmony_ci user namespace may create. 498c2ecf20Sopenharmony_ci 508c2ecf20Sopenharmony_cimax_mnt_namespaces 518c2ecf20Sopenharmony_ci================== 528c2ecf20Sopenharmony_ci 538c2ecf20Sopenharmony_ci The maximum number of mount namespaces that any user in the current 548c2ecf20Sopenharmony_ci user namespace may create. 558c2ecf20Sopenharmony_ci 568c2ecf20Sopenharmony_cimax_net_namespaces 578c2ecf20Sopenharmony_ci================== 588c2ecf20Sopenharmony_ci 598c2ecf20Sopenharmony_ci The maximum number of network namespaces that any user in the 608c2ecf20Sopenharmony_ci current user namespace may create. 618c2ecf20Sopenharmony_ci 628c2ecf20Sopenharmony_cimax_pid_namespaces 638c2ecf20Sopenharmony_ci================== 648c2ecf20Sopenharmony_ci 658c2ecf20Sopenharmony_ci The maximum number of pid namespaces that any user in the current 668c2ecf20Sopenharmony_ci user namespace may create. 678c2ecf20Sopenharmony_ci 688c2ecf20Sopenharmony_cimax_time_namespaces 698c2ecf20Sopenharmony_ci=================== 708c2ecf20Sopenharmony_ci 718c2ecf20Sopenharmony_ci The maximum number of time namespaces that any user in the current 728c2ecf20Sopenharmony_ci user namespace may create. 738c2ecf20Sopenharmony_ci 748c2ecf20Sopenharmony_cimax_user_namespaces 758c2ecf20Sopenharmony_ci=================== 768c2ecf20Sopenharmony_ci 778c2ecf20Sopenharmony_ci The maximum number of user namespaces that any user in the current 788c2ecf20Sopenharmony_ci user namespace may create. 798c2ecf20Sopenharmony_ci 808c2ecf20Sopenharmony_cimax_uts_namespaces 818c2ecf20Sopenharmony_ci================== 828c2ecf20Sopenharmony_ci 838c2ecf20Sopenharmony_ci The maximum number of user namespaces that any user in the current 848c2ecf20Sopenharmony_ci user namespace may create. 85