Documentation for /proc/sys/user/*	kernel version 4.9.0
(c) 2016		Eric Biederman <ebiederm@xmission.com>

==============================================================

This file contains the documentation for the sysctl files in
/proc/sys/user.

The files in this directory can be used to override the default
limits on the number of namespaces and other objects that have
per-user, per-user-namespace limits.

The primary purpose of these limits is to stop programs that
malfunction and attempt to create a ridiculous number of objects,
before the malfunction becomes a system-wide problem.  It is the
intention that the defaults of these limits are set high enough that
no program in normal operation should run into these limits.

The creation of per-user, per-user-namespace objects is charged to
the user in the user namespace who created the object and
verified to be below the per-user limit in that user namespace.

The creation of objects is also charged to all of the users
who created the user namespaces in which the object is created
(user namespaces can be nested), and verified to be below the per-user
limits in the user namespaces of those users.

This recursive counting of created objects ensures that creating a
user namespace does not allow a user to escape their current limits.

Currently, these files are in /proc/sys/user:

- max_cgroup_namespaces

  The maximum number of cgroup namespaces that any user in the current
  user namespace may create.

- max_ipc_namespaces

  The maximum number of ipc namespaces that any user in the current
  user namespace may create.

- max_mnt_namespaces

  The maximum number of mount namespaces that any user in the current
  user namespace may create.

- max_net_namespaces

  The maximum number of network namespaces that any user in the
  current user namespace may create.

- max_pid_namespaces

  The maximum number of pid namespaces that any user in the current
  user namespace may create.

- max_user_namespaces

  The maximum number of user namespaces that any user in the current
  user namespace may create.

- max_uts_namespaces

  The maximum number of uts namespaces that any user in the current
  user namespace may create.
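
The recursive charging described above, as an added userspace model (not kernel
code and not part of the original document). The names struct userns, struct
ucount, get_ucount(), usage() and charge(), the 16-entry table, and the
restriction to a single object type are assumptions made for the illustration.

```c
#include <stddef.h>

/* Simplified userspace model, not kernel code: one object type, fixed table. */
struct userns {
    const struct userns *parent; /* NULL for the initial user namespace */
    int owner;                   /* uid (in parent) that created this namespace */
    int max;                     /* this namespace's /proc/sys/user/max_* value */
};
struct ucount { const struct userns *ns; int uid; int count; };

static struct ucount table[16];
static size_t used;

/* Find or create the counter for the pair (ns, uid). */
static struct ucount *get_ucount(const struct userns *ns, int uid)
{
    for (size_t i = 0; i < used; i++)
        if (table[i].ns == ns && table[i].uid == uid)
            return &table[i];
    if (used == sizeof(table) / sizeof(table[0]))
        return NULL;
    table[used] = (struct ucount){ ns, uid, 0 };
    return &table[used++];
}

/* Objects currently charged to uid in ns (-1 if the table is full). */
int usage(const struct userns *ns, int uid)
{
    struct ucount *c = get_ucount(ns, uid);
    return c ? c->count : -1;
}

/* Charge one object to uid in ns and to the creator of every enclosing
 * user namespace. Returns 0, or -1 (nothing charged) if any level is full. */
int charge(const struct userns *ns, int uid)
{
    const struct userns *n = ns, *full;
    int u = uid;
    for (; n; u = n->owner, n = n->parent) {
        struct ucount *c = get_ucount(n, u);
        if (!c || c->count >= n->max)
            break;
        c->count++;
    }
    if (!n)
        return 0;
    for (full = n, n = ns, u = uid; n != full; u = n->owner, n = n->parent)
        get_ucount(n, u)->count--;   /* undo the levels already charged */
    return -1;
}
```

With a parent limit of 3 and a child namespace created by uid 1000, the fourth
creation inside the child fails whichever uid in the child attempts it, because
every creation there is also counted against uid 1000 in the parent.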