From: Nikolay Borisov
To: "Eric W. Biederman"
Cc: john@johnmccutchan.com, eparis@parisplace.org, viro@zeniv.linux.org.uk, jack@suse.cz, serge@hallyn.com, avagin@openvz.org, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org
Subject: Re: [PATCH] inotify: Convert to using per-namespace limits
Date: Mon, 10 Oct 2016 09:44:19 +0300
Message-ID: <57FB38C3.9090803@kyup.com>
In-Reply-To: <8737k86n7q.fsf@x220.int.ebiederm.org>
References: <1475837161-4626-1-git-send-email-kernel@kyup.com> <8737k86n7q.fsf@x220.int.ebiederm.org>

On 10/07/2016 09:14 PM, Eric W. Biederman wrote:
> Nikolay Borisov writes:
>
>> This patchset converts inotify to using the newly introduced
>> per-userns sysctl infrastructure.
>>
>> Currently the inotify instances/watches are being accounted in the
>> user_struct structure. This means that in setups where multiple
>> users in unprivileged containers map to the same underlying
>> real user (i.e. pointing to the same user_struct) the inotify limits
>> are going to be shared as well, allowing one user (or application) to exhaust
>> all others' limits.
>>
>> Fix this by switching the inotify sysctls to using the
>> per-namespace/per-user limits. This will allow the server admin to
>> set sensible global limits, which can further be tuned inside every
>> individual user namespace.
>>
>> Signed-off-by: Nikolay Borisov
>> ---
>> Hello Eric,
>>
>> I saw you've finally sent your pull request for 4.9 and it
>> includes your implementation of the ucount infrastructure. So
>> here is my respin of the inotify patches using that.
>
> Thanks. I will take a good hard look at this after -rc1 when things are
> stable enough that I can start a new development branch.
>
> I am a little concerned that the old sysctls have gone away. If no one
> cares it is fine, but if someone depends on them existing that may count
> as an unnecessary userspace regression. But otherwise skimming through
> this code it looks good.

So this indeed is a real issue and I meant to write something about it.
Anyway, in order to preserve those sysctls, what can be done is to hook
them up with a custom sysctl handler taking the ns from the proc mount
and the euid of current? I think this is a good approach, but let's wait
and see if anyone will have objections to completely eliminating those
sysctls.

> [SNIP]
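The accounting difference the patch description contrasts (counting against the shared user_struct of the host kuid versus counting against the uid inside each user namespace) can be audited from userspace by reading /proc/<pid>/fdinfo for each open inotify descriptor: every watch on the fd shows up as one "inotify wd:" line. The following script is an added example, not code from the thread or from the kernel patch. It builds constructed fdinfo text in the format the kernel prints, uses constructed small limits in place of the real /proc/sys/fs/inotify/max_user_instances and max_user_watches, and models two containers whose uid maps both send their root user to the same host kuid; the namespace labels "ns-a", "ns-b" and "init" are illustrative placeholders.

```python
from collections import defaultdict

# Constructed limits (the real ones are read from /proc/sys/fs/inotify/);
# kept small so the sample below actually reaches them.
LIMITS = {"max_user_instances": 2, "max_user_watches": 4}


def fdinfo_text(wds):
    """Construct /proc/<pid>/fdinfo/<fd> text for an inotify fd holding the
    given watch descriptors, in the layout the kernel prints (one
    'inotify wd:' line per watch). Sample data, not captured output."""
    head = "pos:\t0\nflags:\t02000000\nmnt_id:\t12\n"
    lines = [
        f"inotify wd:{wd} ino:{0x100 + wd:x} sdev:800001 mask:800afce "
        f"ignored_mask:0 fhandle-bytes:8 fhandle-type:1 f_handle:00010000{wd:08x}"
        for wd in wds
    ]
    return head + "".join(line + "\n" for line in lines)


# Constructed sample: one tuple per open inotify fd, as
# (host kuid, user-namespace label, uid inside that namespace, fdinfo text).
# Containers "ns-a" and "ns-b" have identical uid maps, so root in each maps
# to kuid 100000; a host user runs in the initial namespace.
SAMPLE_FDS = [
    (100000, "ns-a", 0, fdinfo_text([1, 2])),
    (100000, "ns-b", 0, fdinfo_text([1, 2])),
    (1000, "init", 1000, fdinfo_text([1])),
]


def count_watches(text):
    """Number of watches held by an inotify fd, from its fdinfo text."""
    return sum(1 for line in text.splitlines() if line.startswith("inotify wd:"))


def usage(fds, key):
    """Aggregate instance and watch counts under the accounting key `key`."""
    totals = defaultdict(lambda: {"instances": 0, "watches": 0})
    for kuid, ns, nsuid, text in fds:
        k = key(kuid, ns, nsuid)
        totals[k]["instances"] += 1
        totals[k]["watches"] += count_watches(text)
    return dict(totals)


def at_limit(totals, limits=LIMITS):
    """Accounting keys whose next inotify_init() (EMFILE) or
    inotify_add_watch() (ENOSPC) would be refused because the key already
    holds the maximum number of instances or watches."""
    return sorted(
        k for k, t in totals.items()
        if t["instances"] >= limits["max_user_instances"]
        or t["watches"] >= limits["max_user_watches"]
    )


def by_user_struct(kuid, ns, nsuid):
    """Old accounting: everything mapping to one kuid shares one counter."""
    return kuid


def by_namespace(kuid, ns, nsuid):
    """Per-namespace accounting: counted against the uid in its own userns."""
    return (ns, nsuid)


if __name__ == "__main__":
    for name, key in (("shared user_struct", by_user_struct),
                      ("per-namespace", by_namespace)):
        totals = usage(SAMPLE_FDS, key)
        print(f"{name}: {totals} -> at limit: {at_limit(totals)}")
```

Run as-is, the shared-user_struct aggregation reports kuid 100000 at both limits, so a third container with the same uid map could not create another instance even though each container on its own is well below the limits; the per-namespace aggregation reports nobody at a limit. On a live host the same logic applies by walking /proc/*/fd, keeping the descriptors whose link target is anon_inode:inotify, and reading the matching fdinfo entries plus the owning process's uid from /proc/<pid>/status.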