Re: [Patch 5/8] mqueue: revert bump up DFLT_*MAX

[KOSAKI Motohiro]

(4/17/12 11:22 PM), Serge E. Hallyn wrote:
> Quoting Doug Ledford (dledford@xxxxxxxxxx):
> > From: KOSAKI Motohiro<kosaki.motohiro@xxxxxxxxxxxxxx>
> >
> > Mqueue limitation is slightly naieve parameter likes other ipcs
> > because unprivileged user can consume kernel memory by using ipcs.
> >
> > Thus, too aggressive raise bring us security issue. Example,
> > current setting allow evil unprivileged user use 256GB (= 256
> > * 1024 * 1024*1024) and it's enough large to system will belome
> > unresponsive. Don't do that.
> >
> > Instead, every admin should adjust the knobs for their own systems.
>
> Would you be terribly averse to having a higher limit in init_ipc_ns,
> and the lower values by default in all child namespaces?

No, I just focused to don't create any regressions. i.e. I mainly focused
no namespace use case. And, I'm sorry, I don't think I clearly understand
recent namespace update. I'm not against any namespace enhancement. Please
only think just I don't understand neither a ipc namespace requirement nor
the code.



> Sorry it sounds from the intro like you've already had quite a bit of
> discussion on this...
>
> Of course I realize the values can just be raised by distro boot
> scripts...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/