Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753780AbcJ2VGM (ORCPT ); Sat, 29 Oct 2016 17:06:12 -0400 Received: from relay5-d.mail.gandi.net ([217.70.183.197]:51445 "EHLO relay5-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752262AbcJ2VEq (ORCPT ); Sat, 29 Oct 2016 17:04:46 -0400 X-Originating-IP: 50.39.170.172 Date: Sat, 29 Oct 2016 14:04:37 -0700 From: Josh Triplett To: "Kirill A. Shutemov" Cc: David Herrmann , Linus Torvalds , Linux Kernel Mailing List , Andy Lutomirski , Jiri Kosina , Greg KH , Hannes Reinecke , Steven Rostedt , Arnd Bergmann , Tom Gundersen , Andrew Morton Subject: Re: [RFC v1 00/14] Bus1 Kernel Message Bus Message-ID: <20161029210437.la5opn65xxsdlrvb@x> References: <20161026191810.12275-1-dh.herrmann@gmail.com> <20161027004524.GA4184@node> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161027004524.GA4184@node> User-Agent: NeoMutt/20161014 (1.7.1) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 990 Lines: 21 On Thu, Oct 27, 2016 at 03:45:24AM +0300, Kirill A. Shutemov wrote: > On Wed, Oct 26, 2016 at 10:34:30PM +0200, David Herrmann wrote: > > Long story short: We have uid<->uid quotas so far, which prevent DoS > > attacks, unless you get access to a ridiculous amount of local UIDs. > > Details on which resources are accounted can be found in the wiki [1]. > > Does only root user_ns uid count as separate or per-ns too? > > In first case we will have vitually unbounded access to UIDs. > > The second case can cap number of user namespaces a user can create while > using bus1 inside. That seems easy enough to solve. Make the uid<->uid quota use uids in the namespace of the side whose resources the operation uses. That way, if both sender and recipient live in a user namespace then you get quota per user in the namespace, but you can't use a user namespace to cheat and manufacture more users to get more quota when talking to something *outside* that namespace. - Josh Triplett