162306a36Sopenharmony_ci================================= 262306a36Sopenharmony_ciDocumentation for /proc/sys/user/ 362306a36Sopenharmony_ci================================= 462306a36Sopenharmony_ci 562306a36Sopenharmony_cikernel version 4.9.0 662306a36Sopenharmony_ci 762306a36Sopenharmony_ciCopyright (c) 2016 Eric Biederman <ebiederm@xmission.com> 862306a36Sopenharmony_ci 962306a36Sopenharmony_ci------------------------------------------------------------------------------ 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_ciThis file contains the documentation for the sysctl files in 1262306a36Sopenharmony_ci/proc/sys/user. 1362306a36Sopenharmony_ci 1462306a36Sopenharmony_ciThe files in this directory can be used to override the default 1562306a36Sopenharmony_cilimits on the number of namespaces and other objects that have 1662306a36Sopenharmony_ciper user per user namespace limits. 1762306a36Sopenharmony_ci 1862306a36Sopenharmony_ciThe primary purpose of these limits is to stop programs that 1962306a36Sopenharmony_cimalfunction and attempt to create a ridiculous number of objects, 2062306a36Sopenharmony_cibefore the malfunction becomes a system wide problem. It is the 2162306a36Sopenharmony_ciintention that the defaults of these limits are set high enough that 2262306a36Sopenharmony_cino program in normal operation should run into these limits. 2362306a36Sopenharmony_ci 2462306a36Sopenharmony_ciThe creation of per user per user namespace objects are charged to 2562306a36Sopenharmony_cithe user in the user namespace who created the object and 2662306a36Sopenharmony_civerified to be below the per user limit in that user namespace. 2762306a36Sopenharmony_ci 2862306a36Sopenharmony_ciThe creation of objects is also charged to all of the users 2962306a36Sopenharmony_ciwho created user namespaces the creation of the object happens 3062306a36Sopenharmony_ciin (user namespaces can be nested) and verified to be below the per user 3162306a36Sopenharmony_cilimits in the user namespaces of those users. 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ciThis recursive counting of created objects ensures that creating a 3462306a36Sopenharmony_ciuser namespace does not allow a user to escape their current limits. 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_ciCurrently, these files are in /proc/sys/user: 3762306a36Sopenharmony_ci 3862306a36Sopenharmony_cimax_cgroup_namespaces 3962306a36Sopenharmony_ci===================== 4062306a36Sopenharmony_ci 4162306a36Sopenharmony_ci The maximum number of cgroup namespaces that any user in the current 4262306a36Sopenharmony_ci user namespace may create. 4362306a36Sopenharmony_ci 4462306a36Sopenharmony_cimax_ipc_namespaces 4562306a36Sopenharmony_ci================== 4662306a36Sopenharmony_ci 4762306a36Sopenharmony_ci The maximum number of ipc namespaces that any user in the current 4862306a36Sopenharmony_ci user namespace may create. 4962306a36Sopenharmony_ci 5062306a36Sopenharmony_cimax_mnt_namespaces 5162306a36Sopenharmony_ci================== 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_ci The maximum number of mount namespaces that any user in the current 5462306a36Sopenharmony_ci user namespace may create. 5562306a36Sopenharmony_ci 5662306a36Sopenharmony_cimax_net_namespaces 5762306a36Sopenharmony_ci================== 5862306a36Sopenharmony_ci 5962306a36Sopenharmony_ci The maximum number of network namespaces that any user in the 6062306a36Sopenharmony_ci current user namespace may create. 6162306a36Sopenharmony_ci 6262306a36Sopenharmony_cimax_pid_namespaces 6362306a36Sopenharmony_ci================== 6462306a36Sopenharmony_ci 6562306a36Sopenharmony_ci The maximum number of pid namespaces that any user in the current 6662306a36Sopenharmony_ci user namespace may create. 6762306a36Sopenharmony_ci 6862306a36Sopenharmony_cimax_time_namespaces 6962306a36Sopenharmony_ci=================== 7062306a36Sopenharmony_ci 7162306a36Sopenharmony_ci The maximum number of time namespaces that any user in the current 7262306a36Sopenharmony_ci user namespace may create. 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_cimax_user_namespaces 7562306a36Sopenharmony_ci=================== 7662306a36Sopenharmony_ci 7762306a36Sopenharmony_ci The maximum number of user namespaces that any user in the current 7862306a36Sopenharmony_ci user namespace may create. 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_cimax_uts_namespaces 8162306a36Sopenharmony_ci================== 8262306a36Sopenharmony_ci 8362306a36Sopenharmony_ci The maximum number of user namespaces that any user in the current 8462306a36Sopenharmony_ci user namespace may create. 85