=================================
Documentation for /proc/sys/user/
=================================

kernel version 4.9.0

Copyright (c) 2016 Eric Biederman <ebiederm@xmission.com>

------------------------------------------------------------------------------

This file contains the documentation for the sysctl files in
/proc/sys/user.

The files in this directory can be used to override the default
limits on the number of namespaces and other objects that have
per-user, per-user-namespace limits.

The primary purpose of these limits is to stop programs that
malfunction and attempt to create a ridiculous number of objects,
before the malfunction becomes a system-wide problem. It is the
intention that the defaults of these limits are set high enough that
no program in normal operation should run into these limits.

The creation of per-user, per-user-namespace objects is charged to
the user in the user namespace who created the object and
verified to be below the per-user limit in that user namespace.

The creation of objects is also charged to all of the users
who created the user namespaces in which the creation of the object
happens (user namespaces can be nested) and verified to be below the
per-user limits in the user namespaces of those users.
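
The charging rule described above, as an added example that is not part of the original document or the kernel source: a simplified Python model in which ``UserNS``, ``charge`` and ``demo`` are hypothetical names and the limits (3 and 100) and uids are constructed values. It shows that a generous limit inside a nested user namespace does not help once the namespace's creator is at the limit in the enclosing namespace.

```python
# Simplified model of the charging rule (constructed for illustration, not kernel code).
class UserNS:
    def __init__(self, limit, parent=None, owner=None):
        self.limit = limit    # this namespace's max_<type>_namespaces value
        self.parent = parent  # enclosing user namespace (None for the initial one)
        self.owner = owner    # uid, in the parent, that created this namespace
        self.counts = {}      # uid -> objects currently charged in this namespace


def charge(ns, uid):
    """Charge one new object to uid in ns and to the creator of every
    enclosing user namespace. All-or-nothing: returns False and undoes
    the partial charges if any level is already at its limit."""
    charged = []
    while ns is not None:
        if ns.counts.get(uid, 0) >= ns.limit:
            for level, user in charged:
                level.counts[user] -= 1
            return False
        ns.counts[uid] = ns.counts.get(uid, 0) + 1
        charged.append((ns, uid))
        ns, uid = ns.parent, ns.owner
    return True


def demo():
    # Constructed values: the initial namespace allows 3 objects per user;
    # uid 1000 creates a nested user namespace whose own limit is 100.
    init = UserNS(limit=3)
    child = UserNS(limit=100, parent=init, owner=1000)
    # uid 0 inside the child tries to create four objects.
    results = [charge(child, 0) for _ in range(4)]
    return results, init.counts, child.counts


if __name__ == "__main__":
    print(demo())
```

The fourth attempt fails even though the child namespace's own limit is far from reached, because uid 1000 is already at the limit in the initial namespace.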

This recursive counting of created objects ensures that creating a
user namespace does not allow a user to escape their current limits.

Currently, these files are in /proc/sys/user:

max_cgroup_namespaces
=====================

  The maximum number of cgroup namespaces that any user in the current
  user namespace may create.

max_ipc_namespaces
==================

  The maximum number of ipc namespaces that any user in the current
  user namespace may create.

max_mnt_namespaces
==================

  The maximum number of mount namespaces that any user in the current
  user namespace may create.

max_net_namespaces
==================

  The maximum number of network namespaces that any user in the
  current user namespace may create.

max_pid_namespaces
==================

  The maximum number of pid namespaces that any user in the current
  user namespace may create.

max_time_namespaces
===================

  The maximum number of time namespaces that any user in the current
  user namespace may create.

max_user_namespaces
===================

  The maximum number of user namespaces that any user in the current
  user namespace may create.

max_uts_namespaces
==================

  The maximum number of uts namespaces that any user in the current
  user namespace may create.