From: Alexey Gladkov
To: LKML, Linux Containers
Cc: Andrew Morton,
    Christian Brauner, "Eric W. Biederman", Kees Cook, Manfred Spraul
Subject: [PATCH v3 0/3] Allow to change ipc/mq sysctls inside ipc namespace
Date: Wed, 21 Sep 2022 12:41:46 +0200
In-Reply-To: <202209211737.0Bu0F40t-lkp@intel.com>
References: <202209211737.0Bu0F40t-lkp@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Right now ipc and mq limits count as per ipc namespace, but only real root
can change them. By default, the current values of these limits are such
that they can only be reduced. Since only root can change the values, it is
impossible to reduce these limits in a rootless container.

We can allow limit changes within an ipc namespace because mq parameters are
limited by RLIMIT_MSGQUEUE and ipc parameters are not limited to anything
other than cgroups.

--

Alexey Gladkov (3):
  sysctl: Allow change system v ipc sysctls inside ipc namespace
  sysctl: Allow to change limits for posix messages queues
  docs: Add information about ipc sysctls limitations

 Documentation/admin-guide/sysctl/kernel.rst | 14 ++++++--
 ipc/ipc_sysctl.c                            | 36 +++++++++++++++++++--
 ipc/mq_sysctl.c                             | 36 +++++++++++++++++++++
 3 files changed, 81 insertions(+), 5 deletions(-)

--
2.33.4