Quoting Doug Ledford (dledford@xxxxxxxxxx):From: KOSAKI Motohiro<kosaki.motohiro@xxxxxxxxxxxxxx>
Mqueue limitation is slightly naieve parameter likes other ipcs
because unprivileged user can consume kernel memory by using ipcs.
Thus, too aggressive raise bring us security issue. Example,
current setting allow evil unprivileged user use 256GB (= 256
* 1024 * 1024*1024) and it's enough large to system will belome
unresponsive. Don't do that.
Instead, every admin should adjust the knobs for their own systems.
Would you be terribly averse to having a higher limit in init_ipc_ns,
and the lower values by default in all child namespaces?
Sorry it sounds from the intro like you've already had quite a bit of--
discussion on this...
Of course I realize the values can just be raised by distro boot
scripts...