From mboxrd@z Thu Jan 1 00:00:00 1970
From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
Subject: Re: [PATCH v2 02/10] userns: Add per user namespace sysctls.
Date: Mon, 25 Jul 2016 19:44:50 -0500
Message-ID: <87k2g95it9.fsf@x220.int.ebiederm.org>
References: <20160721164014.17534-1-ebiederm@xmission.com>
	<20160721164014.17534-2-ebiederm@xmission.com>
	<878twp6zd2.fsf@x220.int.ebiederm.org>
	<20160725.172406.352408511647766870.davem@davemloft.net>
In-Reply-To: <20160725.172406.352408511647766870.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
	(David Miller's message of "Mon, 25 Jul 2016 17:24:06 -0700 (PDT)")
To: David Miller
Cc: keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org,
	netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org,
	seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org,
	kernel-6AxghH7DbtA@public.gmane.org,
	linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	jann-XZ1E9jl8jIdeoWH0uzbU5w@public.gmane.org
List-Id: containers.vger.kernel.org

David Miller writes:

> From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
> Date: Mon, 25 Jul 2016 19:02:01 -0500
>
>> Which means this change has to wait for next cycle.
>
> Ok.

For clarity I intend to merge these changes through the userns tree, when the issues are resolved.
I Cc'd netdev as there is a limit on the number of network namespaces in this set which may be of interest to networking folks.

I expect there will be some follow-on about adding sanity checking limits to other kernel data structures like a maximum number of mounts in a mount namespace, and perhaps a maximum number of routes in a network namespace.

User namespaces have enabled unprivileged users access to a lot more data structures and so to catch programs that go crazy we need a lot more limits. I believe some of those limits make sense per namespace, as it is easy in some cases to say any more than Y number of those per namespace is excessive. For example a limit of 1,000,000 ipv4 routes per network namespace is a sanity check as there are currently 621,649 ipv4 prefixes advertised in bgp.

But that is something to worry about after the merge window.

Eric
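The per-namespace limits discussed above only hold up if a counter is charged at every level of the namespace hierarchy (a child namespace cannot escape its parent's ceiling by nesting), and if a refused charge leaves nothing half-counted. The following is an added user-space model of that charging scheme written for this page; it is not code from the patch set or from the kernel, and the struct and function names (ns_limits, ns_charge, ns_uncharge) and the ceilings in the scenarios are constructed for illustration.

```c
/*
 * A user-space model of hierarchical per-namespace limits (constructed
 * example, not kernel code). Each namespace carries a ceiling and a count
 * and points at its parent; creating an object charges every level up to
 * the root and is refused if any level is full, with the partial charge
 * rolled back so the counters stay balanced.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct ns_limits {
    struct ns_limits *parent;   /* NULL for the root namespace */
    long max;                   /* ceiling at this level; -1 means unlimited */
    long count;                 /* objects currently charged to this level */
};

/* Try to charge one object at a single level. */
static bool ns_try_charge_one(struct ns_limits *ns)
{
    if (ns->max >= 0 && ns->count >= ns->max)
        return false;
    ns->count++;
    return true;
}

/* Charge one object against ns and every ancestor. Returns true on
 * success; on refusal no level is left charged. */
bool ns_charge(struct ns_limits *ns)
{
    struct ns_limits *it, *rb;

    for (it = ns; it; it = it->parent) {
        if (!ns_try_charge_one(it)) {
            /* roll back the levels already charged below 'it' */
            for (rb = ns; rb != it; rb = rb->parent)
                rb->count--;
            return false;
        }
    }
    return true;
}

/* Release one object from ns and every ancestor. */
void ns_uncharge(struct ns_limits *ns)
{
    for (; ns; ns = ns->parent)
        ns->count--;
}

/* Scenario 1: child ceiling 3 under parent ceiling 10, five attempts.
 * Returns the number of attempts that succeeded (3); the parent's count
 * matches the child's because every success is charged at both levels. */
int demo_child_ceiling(void)
{
    struct ns_limits parent = { NULL, 10, 0 };
    struct ns_limits child  = { &parent, 3, 0 };
    int ok = 0, i;

    for (i = 0; i < 5; i++)
        ok += ns_charge(&child) ? 1 : 0;
    if (parent.count != child.count)
        return -1;                      /* counters diverged */
    return ok;
}

/* Scenario 2: parent ceiling 2, child unlimited, three attempts. The
 * third attempt is refused by the parent, and the rollback keeps the
 * child's count at 2 rather than 3. Returns the child's count. */
long demo_parent_ceiling_rollback(void)
{
    struct ns_limits parent = { NULL, 2, 0 };
    struct ns_limits child  = { &parent, -1, 0 };
    int i;

    for (i = 0; i < 3; i++)
        ns_charge(&child);
    return child.count;
}

/* Scenario 3: charge then release everything; returns true when both
 * levels return to zero, i.e. charge/uncharge stay balanced. */
bool demo_balanced_after_release(void)
{
    struct ns_limits parent = { NULL, 4, 0 };
    struct ns_limits child  = { &parent, 4, 0 };
    int i;

    for (i = 0; i < 4; i++)
        ns_charge(&child);
    for (i = 0; i < 4; i++)
        ns_uncharge(&child);
    return parent.count == 0 && child.count == 0;
}

int main(void)
{
    printf("child ceiling: %d charges succeeded\n", demo_child_ceiling());
    printf("parent ceiling rollback: child count %ld\n",
           demo_parent_ceiling_rollback());
    printf("balanced after release: %s\n",
           demo_balanced_after_release() ? "yes" : "no");
    return 0;
}
```

The second scenario is the one that matters for a sanity limit of this kind: the child level has already accepted the charge when the parent refuses, so without the rollback the child's count would drift upward on every refused attempt and eventually refuse legitimate creations on its own.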