lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20161006175146.GA25935@outlook.office365.com>
Date:   Thu, 6 Oct 2016 10:51:47 -0700
From:   Andrei Vagin <avagin@...tuozzo.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
CC:     <avagin@...nvz.org>, <containers@...ts.linux-foundation.org>,
        <linux-kernel@...r.kernel.org>,
        Serge Hallyn <serge.hallyn@...onical.com>,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH 0/2 v2] userns: show current values of user namespace
 counters

Hello Eric,

What do you think about this series? It should be useful to know current
usage for user counters.

Thanks,
Andrei

On Mon, Aug 15, 2016 at 01:10:20PM -0700, Andrei Vagin wrote:
> Recently Eric added user namespace counters.  User namespace counters is
> a feature that allows to limit the number of various kernel objects a
> user can create. These limits are set via /proc/sys/user/ sysctls on a
> per user namespace basis and are applicable to all users in that
> namespace.
> 
> User namespace counters are not in the upstream tree yet,
> you can find them in Eric's tree:
> https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/log/?h=for-testing
> 
> This patch adds /proc/<pid>/userns_counts files to provide current usage
> of user namespace counters.
> 
>   > cat /proc/813/userns_counts
>   user_namespaces          101000               1
>   pid_namespaces           101000               1
>   ipc_namespaces           101000               4
>   net_namespaces           101000               2
>   mnt_namespaces           101000               5
>   mnt_namespaces           100000               1
> 
> The meanings of the columns are as follows, from left to right:
> 
>   Name         Object name
>   UID          User ID
>   Usage        Current usage
> 
> The full documentation is in the second patch.
> 
> v2: - describe this file in Documentation/filesystems/proc.txt
>     - move and rename into /proc/<pid>/userns_counts
> 
> Cc: Serge Hallyn <serge.hallyn@...onical.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
> Signed-off-by: Andrei Vagin <avagin@...nvz.org>
> 
> Andrei Vagin (1):
>   kernel: show current values of user namespace counters
> 
> Kirill Kolyshkin (1):
>   Documentation: describe /proc/<pid>/userns_counts
> 
>  Documentation/filesystems/proc.txt |  30 +++++++++++
>  fs/proc/array.c                    |  55 ++++++++++++++++++++
>  fs/proc/base.c                     |   1 +
>  fs/proc/internal.h                 |   1 +
>  include/linux/user_namespace.h     |   8 +++
>  kernel/ucount.c                    | 102 +++++++++++++++++++++++++++++++++++++
>  6 files changed, 197 insertions(+)
> 
> -- 
> 2.5.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ