From: Alexey Gladkov
To: LKML, Linux Containers
Cc: Andrew Morton, Christian Brauner, "Eric W. Biederman", Kees Cook, Manfred Spraul
Subject: [PATCH v2 0/3] Allow to change ipc/mq sysctls inside ipc namespace
Date: Tue, 20 Sep 2022 20:08:19 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

Right now ipc and mq limits count as per ipc namespace, but only real
root can change them. By default, the current values of these limits are
such that they can only be reduced. Since only root can change the values,
it is impossible to reduce these limits in the rootless container.

We can allow limit changes within ipc namespace because mq parameters are
limited by RLIMIT_MSGQUEUE and ipc parameters are not limited to anything
other than cgroups.

--

Alexey Gladkov (3):
  sysctl: Allow change system v ipc sysctls inside ipc namespace
  sysctl: Allow to change limits for posix messages queues
  docs: Add information about ipc sysctls limitations

 Documentation/admin-guide/sysctl/kernel.rst | 14 ++++++--
 ipc/ipc_sysctl.c                            | 34 ++++++++++++++++--
 ipc/mq_sysctl.c                             | 38 +++++++++++++++++++++
 3 files changed, 80 insertions(+), 6 deletions(-)

--
2.33.4