Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754835AbcJ2U0R (ORCPT ); Sat, 29 Oct 2016 16:26:17 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:32792 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753468AbcJ2U0Q (ORCPT ); Sat, 29 Oct 2016 16:26:16 -0400 Date: Thu, 27 Oct 2016 03:45:24 +0300 From: "Kirill A. Shutemov" To: David Herrmann Cc: Linus Torvalds , Linux Kernel Mailing List , Andy Lutomirski , Jiri Kosina , Greg KH , Hannes Reinecke , Steven Rostedt , Arnd Bergmann , Tom Gundersen , Josh Triplett , Andrew Morton Subject: Re: [RFC v1 00/14] Bus1 Kernel Message Bus Message-ID: <20161027004524.GA4184@node> References: <20161026191810.12275-1-dh.herrmann@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23.1 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 550 Lines: 16 On Wed, Oct 26, 2016 at 10:34:30PM +0200, David Herrmann wrote: > Long story short: We have uid<->uid quotas so far, which prevent DoS > attacks, unless you get access to a ridiculous amount of local UIDs. > Details on which resources are accounted can be found in the wiki [1]. Does only root user_ns uid count as separate or per-ns too? In first case we will have vitually unbounded access to UIDs. The second case can cap number of user namespaces a user can create while using bus1 inside. Or am I missing something? -- Kirill A. Shutemov