tag name | unpriv-ipc-sysctls-for-v6.1 (da3e8b070a65afc1337d5ec484365707798ae58d) |
tag date | 2022-10-03 16:26:39 -0500 |
tagged by | Eric W. Biederman <ebiederm@xmission.com> |
tagged object | commit a799be9baf... |
download | linux-unpriv-ipc-sysctls-for-v6.1.tar.gz |
---|
ipc/sysctl: Allow to change ipc/mq sysctls inside ipc namespace
Right now ipc and mq limits count as per ipc namespace, but only real
root can change them. The default values of these limits can only be
reduced. Since only root can change the values, it is impossible to
reduce these limits in the rootless container.
We can allow limit changes within ipc namespace because mq parameters
are limited by RLIMIT_MSGQUEUE and ipc parameters are not limited to
anything other than cgroups.
Alexey Gladkov (3):
sysctl: Allow change system v ipc sysctls inside ipc namespace
docs: Add information about ipc sysctls limitations
sysctl: Allow to change limits for posix messages queues
Eric W. Biederman (1):
ipc/ipc_sysctl: Add missing include of linux/cred.h
Documentation/admin-guide/sysctl/kernel.rst | 14 ++++++++---
ipc/ipc_sysctl.c | 37 +++++++++++++++++++++++++++--
ipc/mq_sysctl.c | 36 ++++++++++++++++++++++++++++
3 files changed, 82 insertions(+), 5 deletions(-)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgjlraLDcwBA2B+6cC/v6Eiajj0AFAmM7U5EACgkQC/v6Eiaj
j0DIVBAAkhTvydeQPBpQhPmYtc+oE+sLtrf9to4xIRWd6zpgA7CE5CU7ztAG5+9I
MXbaMjkrMWYDbN6BTv3d6qXd8KvmLVHIOvGduNh8I4ENZ7MzWbekp+B+tAzMr22f
sHaIqjtFuFhhgYHrSlZPs/OUvjbsHUrvYHczZhPYVMemdajQHCUfxWOsKPNCIhKa
4y7LaFK5Qiytg4lYPgzo5+qfWSV0MgyfIlTc4tA+FPQU279ybLckbpDUD/pJ/8Ov
YBl/ZY4Yf8EB+nEoVt3QdKfGfemoK4dxI5gWQyrT8Hx5MOfU3dVJO9fAr7Lh5VIT
mpWjEjTJE8yzqfbofBcWOZdKC3TLV08IV+TvEwc4+DwsG+rJUErnItP74CpcMCqa
LN80WcT8iqIwA3t9hmpDF3+hpa1K+sBJAiCOjVoYpxXSLyrv7IO6EJCYvTdiDhO2
+d0kBcaRclLmDa/PUT4hHX9DbOYVdZjwdeY1wxRO+94T1+4qIQigqQIBKK0YhbEy
rJourUMKwzYhmTTeyeQSFd0TdmT455vYHBCvbowrB09Lo+/7nc8dh1likUWEzfFt
wY3vBnMPE6x3SLiU5JMYtfVuKHjBMPgKlUJrOAWmX2AuYCmweKtfjmJzuMCzGnQf
a1oCDzNZVfMO6tuvCM8IMLACWTxcVwjoanLKCwkh1InPTGPTQsI=
=PfHg
-----END PGP SIGNATURE-----