From: Alexey Gladkov
To: LKML, Linux Containers
Cc: Andrew Morton, Christian Brauner, "Eric W. Biederman", Joel Granados, Kees Cook, Luis Chamberlain, Manfred Spraul
Subject: [RESEND PATCH v3 0/3] Allow to change ipc/mq sysctls inside ipc namespace
Date: Mon, 15 Jan 2024 15:46:40 +0000

Right now ipc and mq limits count as per ipc namespace, but only real root can change them. By default, the current values of these limits are such that they can only be reduced. Since only root can change the values, it is impossible to reduce these limits in the rootless container.

We can allow limit changes within ipc namespace because mq parameters are limited by RLIMIT_MSGQUEUE and ipc parameters are not limited to anything other than cgroups.

This is just a rebase of patches on v6.7-6264-g70d201a40823.
---

Alexey Gladkov (3):
  sysctl: Allow change system v ipc sysctls inside ipc namespace
  docs: Add information about ipc sysctls limitations
  sysctl: Allow to change limits for posix messages queues

 Documentation/admin-guide/sysctl/kernel.rst | 14 ++++++--
 ipc/ipc_sysctl.c                            | 37 +++++++++++++++++++--
 ipc/mq_sysctl.c                             | 36 ++++++++++++++++++++
 3 files changed, 82 insertions(+), 5 deletions(-)
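
To check which behaviour a running kernel has, the probe below forks a child that enters a fresh user+ipc namespace as its own uid 0 and tries to reduce one mq limit by one. It is an added example, not code from this patch series. The sysctl path /proc/sys/fs/mqueue/msg_max, the helper names and the result codes are assumptions of the example, as is running it as a non-root user on a host with unprivileged user namespaces enabled.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
enum probe { PROBE_ALLOWED, PROBE_DENIED, PROBE_NO_NAMESPACE, PROBE_NO_SYSCTL, PROBE_ERROR };

static int write_file(const char *path, const char *s)
{
    int fd = open(path, O_WRONLY), err;
    if (fd < 0) return -1;                       /* errno from open() is kept */
    err = write(fd, s, strlen(s)) < 0 ? errno : 0;
    close(fd);
    errno = err;
    return err ? -1 : 0;
}

/* Child: become uid 0 in a new user+ipc namespace, then try to lower the limit. */
static enum probe probe_in_child(const char *path)
{
    char uidm[32], gidm[32], val[32];
    snprintf(uidm, sizeof uidm, "0 %u 1", (unsigned)getuid());  /* ids read before unshare */
    snprintf(gidm, sizeof gidm, "0 %u 1", (unsigned)getgid());
    if (unshare(CLONE_NEWUSER | CLONE_NEWIPC) != 0) return PROBE_NO_NAMESPACE;
    write_file("/proc/self/setgroups", "deny");  /* needed before an unprivileged gid_map */
    if (write_file("/proc/self/uid_map", uidm) || write_file("/proc/self/gid_map", gidm)) return PROBE_NO_NAMESPACE;
    FILE *f = fopen(path, "r");
    if (!f) return PROBE_NO_SYSCTL;
    char *got = fgets(val, sizeof val, f);
    fclose(f);
    if (!got) return PROBE_ERROR;
    long cur = strtol(val, NULL, 10);
    snprintf(val, sizeof val, "%ld\n", cur > 1 ? cur - 1 : cur); /* reduce, never raise */
    if (write_file(path, val) == 0) return PROBE_ALLOWED;
    return (errno == EACCES || errno == EPERM) ? PROBE_DENIED : PROBE_ERROR;
}

enum probe probe_sysctl(const char *path)
{
    int st; pid_t pid = fork();  /* the namespace and its changed limit end with the child */
    if (pid == 0) _exit(probe_in_child(path));
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return PROBE_ERROR;
    return (enum probe)WEXITSTATUS(st);
}

int main(void) { printf("probe result: %d\n", probe_sysctl("/proc/sys/fs/mqueue/msg_max")); return 0; }
```

A result of 1 (PROBE_DENIED) is the "only real root can change them" case from the cover letter, and 0 (PROBE_ALLOWED) means the namespace owner may reduce the limit. Run as real root, the write succeeds either way, so that result says nothing about this behaviour.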