Message-Id: <1471291822-539-3-git-send-email-avagin@openvz.org>
Date: Mon, 15 Aug 2016 13:10:22 -0700
From: Andrei Vagin <avagin@...nvz.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: containers@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, Andrei Vagin <avagin@...nvz.org>,
Serge Hallyn <serge.hallyn@...onical.com>,
Kees Cook <keescook@...omium.org>,
Kirill Kolyshkin <kir@...nvz.org>
Subject: [PATCH 2/2] Documentation: describe /proc/<pid>/userns_counts
From: Kirill Kolyshkin <kir@...nvz.org>
This file provides current usage of user namespace counters.
Signed-off-by: Kirill Kolyshkin <kir@...nvz.org>
Signed-off-by: Andrei Vagin <avagin@...nvz.org>
---
Documentation/filesystems/proc.txt | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 68080ad..7300d9c 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -44,6 +44,7 @@ Table of Contents
3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file
3.9 /proc/<pid>/map_files - Information about memory mapped files
3.10 /proc/<pid>/timerslack_ns - Task timerslack value
+ 3.11 /proc/<pid>/userns_counts - User namespace counters
4 Configuring procfs
4.1 Mount options
@@ -1889,6 +1890,35 @@ Valid values are from 0 - ULLONG_MAX
An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level
permissions on the task specified to change its timerslack_ns value.
+3.11 /proc/<pid>/userns_counts - User namespace counters
+---------------------------------------------------------
+
+This file provides current usage of user namespace counters.
+
+User namespace counters is a feature that allows to limit the number of various
+kernel objects a user can create. These limits are set via /proc/sys/user/
+sysctls on a per user namespace basis and are applicable to all users in that
+namespace. Therefore, the limits are the same for every user in a user
+namespace.
+
+Each user has their own set of user namespace counters. Once a user creates a
+new user namespace, every new object created inside that namespace is also
+charged to the user. That means that a user is limited by their user namespace
+limits, as well as the limits in their parent user namespaces.
+
+ > cat /proc/813/userns_counts
+ user_namespaces 101000 1
+ pid_namespaces 101000 1
+ ipc_namespaces 101000 4
+ net_namespaces 101000 2
+ mnt_namespaces 101000 5
+ mnt_namespaces 100000 1
+
+The meanings of the columns are as follows, from left to right:
+
+ Name Object name
+ UID User ID
+ Usage Current usage
------------------------------------------------------------------------------
Configuring procfs
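Review bot: The example output in the new 3.11 section lists mnt_namespaces twice, once with UID 101000 and once with UID 100000, but the text never explains why one task produces rows for two UIDs or how those rows relate to the parent-namespace charging described in the paragraph just above the example. Please say what a single row represents, and in which user namespace the UID column is expressed (the reader's or the task's). The section should also state who is allowed to read the file, as the timerslack_ns text immediately before it does for its own permission check, because the output exposes per-UID object usage. It would also help to tell the reader which /proc/sys/user/ sysctl holds the limit for each Name, since the file shows usage only. Minor wording: "is a feature that allows to limit" reads better as "is a feature that limits".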
--
2.5.5