xref: /linux/Documentation/admin-guide/sysctl/user.rst (revision ead5d1f4d877e92c051e1a1ade623d0d30e71619)
=================================
Documentation for /proc/sys/user/
=================================

kernel version 4.9.0

Copyright (c) 2016		Eric Biederman <ebiederm@xmission.com>

------------------------------------------------------------------------------

This file contains the documentation for the sysctl files in
/proc/sys/user.

The files in this directory can be used to override the default
limits on the number of namespaces and other objects that have
per-user, per-user-namespace limits.

The primary purpose of these limits is to stop programs that
malfunction and attempt to create a ridiculous number of objects,
before the malfunction becomes a system-wide problem.  It is the
intention that the defaults of these limits are set high enough that
no program in normal operation should run into these limits.

The creation of per-user, per-user-namespace objects is charged to
the user in the user namespace who created the object and
verified to be below the per-user limit in that user namespace.

The creation of objects is also charged to all of the users
who created the user namespaces in which the object is created
(user namespaces can be nested), and is verified to be below the
per-user limits in the user namespaces of those users.

This recursive counting of created objects ensures that creating a
user namespace does not allow a user to escape their current limits.

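The recursive charging described above, as an added example that is not kernel
code and not part of the original document. It is a simplified user-space model
of a single object type; ``struct ucount``, ``charge()`` and
``nested_successes()`` are hypothetical names and the limits 3 and 100 are
constructed values.

```c
#include <stdio.h>

/* Simplified model, not kernel code: one counter per (user, user namespace). */
struct ucount {
    struct ucount *creator; /* counter of the user who created this user
                               namespace, in the parent; NULL at the top */
    int limit;              /* max_*_namespaces value in this user namespace */
    int count;              /* objects currently charged here */
};

/* Charge one object to uc and to every ancestor. Returns 0 on success, or -1
 * (with nothing left charged) if any level is already at its limit. */
int charge(struct ucount *uc)
{
    struct ucount *it, *undo;

    for (it = uc; it; it = it->creator) {
        if (it->count >= it->limit)
            goto fail;
        it->count++;
    }
    return 0;
fail:
    /* Roll back the levels charged before the one that refused. */
    for (undo = uc; undo != it; undo = undo->creator)
        undo->count--;
    return -1;
}

/* Constructed scenario: a host user limited to 3 creates a user namespace and
 * raises the limit inside it to 100. Returns how many of `attempts` succeed. */
int nested_successes(int attempts)
{
    struct ucount host = { NULL, 3, 0 };
    struct ucount nested = { &host, 100, 0 };
    int i, ok = 0;

    for (i = 0; i < attempts; i++)
        if (charge(&nested) == 0)
            ok++;
    return ok;
}

int main(void)
{
    printf("nested creations allowed: %d of 10\n", nested_successes(10));
    return 0;
}
```
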
Currently, these files are in /proc/sys/user:

max_cgroup_namespaces
=====================

  The maximum number of cgroup namespaces that any user in the current
  user namespace may create.

max_ipc_namespaces
==================

  The maximum number of ipc namespaces that any user in the current
  user namespace may create.

max_mnt_namespaces
==================

  The maximum number of mount namespaces that any user in the current
  user namespace may create.

max_net_namespaces
==================

  The maximum number of network namespaces that any user in the
  current user namespace may create.

max_pid_namespaces
==================

  The maximum number of pid namespaces that any user in the current
  user namespace may create.

max_time_namespaces
===================

  The maximum number of time namespaces that any user in the current
  user namespace may create.

max_user_namespaces
===================

  The maximum number of user namespaces that any user in the current
  user namespace may create.

max_uts_namespaces
==================

  The maximum number of uts namespaces that any user in the current
  user namespace may create.