=================================
Documentation for /proc/sys/user/
=================================

kernel version 4.9.0

Copyright (c) 2016 Eric Biederman <ebiederm@xmission.com>

------------------------------------------------------------------------------

This file contains the documentation for the sysctl files in
/proc/sys/user.

The files in this directory can be used to override the default
limits on the number of namespaces and other objects that have
per-user, per-user-namespace limits.

The primary purpose of these limits is to stop programs that
malfunction and attempt to create a ridiculous number of objects,
before the malfunction becomes a system-wide problem.  It is the
intention that the defaults of these limits are set high enough that
no program in normal operation should run into these limits.

The creation of per-user, per-user-namespace objects is charged to
the user in the user namespace who created the object and
verified to be below the per-user limit in that user namespace.

The creation of objects is also charged to all of the users
who created the user namespaces in which the creation of the object
happens (user namespaces can be nested) and verified to be below the
per-user limits in the user namespaces of those users.

This recursive counting of created objects ensures that creating a
user namespace does not allow a user to escape their current limits.

Currently, these files are in /proc/sys/user:

max_cgroup_namespaces
=====================

  The maximum number of cgroup namespaces that any user in the current
  user namespace may create.

max_ipc_namespaces
==================

  The maximum number of ipc namespaces that any user in the current
  user namespace may create.

max_mnt_namespaces
==================

  The maximum number of mount namespaces that any user in the current
  user namespace may create.

max_net_namespaces
==================

  The maximum number of network namespaces that any user in the
  current user namespace may create.

max_pid_namespaces
==================

  The maximum number of pid namespaces that any user in the current
  user namespace may create.

max_time_namespaces
===================

  The maximum number of time namespaces that any user in the current
  user namespace may create.

max_user_namespaces
===================

  The maximum number of user namespaces that any user in the current
  user namespace may create.

max_uts_namespaces
==================

  The maximum number of uts namespaces that any user in the current
  user namespace may create.
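
The recursive charging described in the introduction can be followed with a small model. This is an added example, not kernel code and not part of the original document; the ``UserNS`` class, the ``create_userns`` and ``demo`` helpers, the uids and the limit of 3 are all constructed for illustration, and only one object type (user namespaces) is tracked.

```python
# Toy model of the recursive charging described above (constructed example,
# not kernel code). It tracks one object type: user namespaces.

class UserNS:
    def __init__(self, name, limit, parent=None, owner_uid=None):
        self.name = name
        self.limit = limit          # stands in for this namespace's max_user_namespaces
        self.parent = parent        # enclosing user namespace (None for the initial one)
        self.owner_uid = owner_uid  # uid, in the parent, that created this namespace
        self.counts = {}            # uid -> user namespaces currently charged here


def create_userns(ns, uid, name, limit=1_000_000):
    """uid, acting inside ns, creates a nested user namespace.

    Returns the new UserNS, or None if any level of the chain is at its limit.
    """
    charged = []
    level, who = ns, uid
    while level is not None:
        if level.counts.get(who, 0) >= level.limit:
            for lvl, u in charged:   # undo the partial charge
                lvl.counts[u] -= 1
            return None
        level.counts[who] = level.counts.get(who, 0) + 1
        charged.append((level, who))
        # Next, charge whoever created this namespace, in its parent.
        level, who = level.parent, level.owner_uid
    return UserNS(name, limit, parent=ns, owner_uid=uid)


def demo():
    init = UserNS("init", limit=3)          # hypothetical limit of 3
    a = create_userns(init, 1000, "a")      # uid 1000 in init: 1 of 3
    b = create_userns(a, 0, "b")            # nested: still charged to uid 1000
    c = create_userns(b, 0, "c")            # uid 1000 now at 3 of 3
    d = create_userns(c, 0, "d")            # refused: limit in init reached
    other = create_userns(init, 1001, "x")  # a different user is unaffected
    return init, a, b, c, d, other


if __name__ == "__main__":
    init, a, b, c, d, other = demo()
    print("uid 1000 charged in init:", init.counts[1000], "| d created:", d is not None)
```

The fourth creation is refused even though the innermost namespace's own limit is far from reached, because the charge against uid 1000 in the outermost namespace is already at its limit.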