[PATCH 2/2] Documentation: describe /proc/<pid>/userns_counts

From: Andrei Vagin
Date: Mon Aug 15 2016 - 16:10:41 EST

Next message: Andrei Vagin: "[PATCH 1/2] kernel: show current values of user namespace counters"
Previous message: Andrei Vagin: "[PATCH 0/2 v2] userns: show current values of user namespace counters"
In reply to: Andrei Vagin: "[PATCH 0/2 v2] userns: show current values of user namespace counters"
Next in thread: Andrei Vagin: "[PATCH 1/2] kernel: show current values of user namespace counters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kirill Kolyshkin <kir@xxxxxxxxxx>

This file provides current usage of user namespace counters.

Signed-off-by: Kirill Kolyshkin <kir@xxxxxxxxxx>
Signed-off-by: Andrei Vagin <avagin@xxxxxxxxxx>
---
Documentation/filesystems/proc.txt | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)

diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 68080ad..7300d9c 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -44,6 +44,7 @@ Table of Contents
3.8 /proc/<pid>/fdinfo/<fd> - Information about opened file
3.9 /proc/<pid>/map_files - Information about memory mapped files
3.10 /proc/<pid>/timerslack_ns - Task timerslack value
+ 3.11 /proc/<pid>/userns_counts - User namespace counters

4 Configuring procfs
4.1 Mount options
@@ -1889,6 +1890,35 @@ Valid values are from 0 - ULLONG_MAX
An application setting the value must have PTRACE_MODE_ATTACH_FSCREDS level
permissions on the task specified to change its timerslack_ns value.

+3.11 /proc/<pid>/userns_counts - User namespace counters
+---------------------------------------------------------
+
+This file provides current usage of user namespace counters.
+
+User namespace counters is a feature that allows to limit the number of various
+kernel objects a user can create. These limits are set via /proc/sys/user/
+sysctls on a per user namespace basis and are applicable to all users in that
+namespace. Therefore, the limits are the same for every user in a user
+namespace.
+
+Each user has their own set of user namespace counters. Once a user creates a
+new user namespace, every new object created inside that namespace is also
+charged to the user. That means that a user is limited by their user namespace
+limits, as well as the limits in their parent user namespaces.
+
+ > cat /proc/813/userns_counts
+ user_namespaces 101000 1
+ pid_namespaces 101000 1
+ ipc_namespaces 101000 4
+ net_namespaces 101000 2
+ mnt_namespaces 101000 5
+ mnt_namespaces 100000 1
+
+The meanings of the columns are as follows, from left to right:
+
+ Name Object name
+ UID User ID
+ Usage Current usage

------------------------------------------------------------------------------
Configuring procfs
--
2.5.5

Next message: Andrei Vagin: "[PATCH 1/2] kernel: show current values of user namespace counters"
Previous message: Andrei Vagin: "[PATCH 0/2 v2] userns: show current values of user namespace counters"
In reply to: Andrei Vagin: "[PATCH 0/2 v2] userns: show current values of user namespace counters"
Next in thread: Andrei Vagin: "[PATCH 1/2] kernel: show current values of user namespace counters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]