b.liu | e958203 | 2025-04-17 19:18:16 +0800

=================================
Documentation for /proc/sys/user/
=================================

kernel version 4.9.0

Copyright (c) 2016 Eric Biederman <ebiederm@xmission.com>

------------------------------------------------------------------------------

This file contains the documentation for the sysctl files in
/proc/sys/user.

The files in this directory can be used to override the default
limits on the number of namespaces and other objects that have
per-user, per-user-namespace limits.

The primary purpose of these limits is to stop programs that
malfunction and attempt to create a ridiculous number of objects
before the malfunction becomes a system-wide problem. The intention
is that the defaults of these limits are set high enough that no
program in normal operation should run into them.

The creation of a per-user, per-user-namespace object is charged to
the user in the user namespace who created the object, and the
resulting count is verified to be below the per-user limit in that
user namespace.

The creation of the object is also charged to each user who created
one of the user namespaces that the creation happens inside (user
namespaces can be nested), and verified to be below the per-user
limits in the user namespaces of those users.

This recursive counting of created objects ensures that creating a
user namespace does not allow a user to escape their current limits.
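A model of this recursive charging, added here as an illustration and not code from the kernel or this documentation. The class and function names (UserNamespace, inc_count, dec_count) and the limit values are invented; the scenario shows that raising a limit inside a child user namespace cannot get past the creator's count in the parent.

```python
# Added example: a model of the recursive charging described above.
# UserNamespace, inc_count, dec_count and all limit values are invented
# for illustration and are not kernel code.

class UserNamespace:
    """One user namespace with its own copy of the /proc/sys/user limits."""
    def __init__(self, parent=None, owner_uid=None, limits=None):
        self.parent = parent              # enclosing user namespace, None for init
        self.owner_uid = owner_uid        # uid in the parent that created this ns
        self.limits = dict(limits or {})  # e.g. {"max_pid_namespaces": 2}
        self.counts = {}                  # (uid, sysctl) -> objects charged

def inc_count(ns, uid, sysctl):
    """Charge one object to uid in ns and to each creator up the chain.
    Fails (and undoes any partial charge) if any level would exceed its limit."""
    charged = []
    cur, cur_uid = ns, uid
    while cur is not None:
        key = (cur_uid, sysctl)
        limit = cur.limits.get(sysctl)
        if limit is not None and cur.counts.get(key, 0) >= limit:
            for n, k in charged:          # roll back charges already taken
                n.counts[k] -= 1
            return False
        cur.counts[key] = cur.counts.get(key, 0) + 1
        charged.append((cur, key))
        cur_uid, cur = cur.owner_uid, cur.parent   # step to the creator's level
    return True

def dec_count(ns, uid, sysctl):
    """Release one object along the same chain when it is destroyed."""
    cur, cur_uid = ns, uid
    while cur is not None:
        cur.counts[(cur_uid, sysctl)] -= 1
        cur_uid, cur = cur.owner_uid, cur.parent

def demo():
    """uid 1000 may own at most 2 pid namespaces in the init user namespace.
    Inside its own child user namespace it is root and has set the child's
    limit to 100, but the third creation still fails at the parent level."""
    init_ns = UserNamespace(limits={"max_pid_namespaces": 2})
    child = UserNamespace(parent=init_ns, owner_uid=1000,
                          limits={"max_pid_namespaces": 100})
    # returns [True, True, False]
    return [inc_count(child, 0, "max_pid_namespaces") for _ in range(3)]
```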

Currently, these files are in /proc/sys/user:

max_cgroup_namespaces
=====================

The maximum number of cgroup namespaces that any user in the current
user namespace may create.

max_ipc_namespaces
==================

The maximum number of IPC namespaces that any user in the current
user namespace may create.

max_mnt_namespaces
==================

The maximum number of mount namespaces that any user in the current
user namespace may create.

max_net_namespaces
==================

The maximum number of network namespaces that any user in the
current user namespace may create.

max_pid_namespaces
==================

The maximum number of PID namespaces that any user in the current
user namespace may create.

max_user_namespaces
===================

The maximum number of user namespaces that any user in the current
user namespace may create.

max_uts_namespaces
==================

The maximum number of UTS namespaces that any user in the current
user namespace may create.