Per user rlimits
Eric W. Biederman
ebiederm at xmission.com
Fri Aug 28 19:25:55 UTC 2020
Just to scope how much work it would be to fix rlimits
so they are not a problem for user namespaces I took a quick
survey.
The rlimits can be found in
include/uapi/asm-generic/resource.h
There are a total of 16 rlimits.
There are only 4 rlimits that are enforced at anything other
than process granularity.
RLIMIT_NPROC
RLIMIT_MEMLOCK
RLIMIT_SIGPENDING
RLIMIT_MSGQUEUE
So it should not be difficult to fix those rlimits.
I think the implementation of RLIMIT_MEMLOCK is highly suspect, and
might be worth reexamining, as RLIMIT_MEMLOCK is interpreted differently
in different contexts. For the limit there is mm->locked_vm,
user->lock_vm, and user->locked_shm.
Eric