From: Alexey Gladkov
To: LKML, Linux Containers
Cc: Andrew Morton, Christian Brauner, "Eric W . Biederman", Joel Granados, Kees Cook, Luis Chamberlain, Manfred Spraul
Subject: [RESEND PATCH v3 0/3] Allow to change ipc/mq sysctls inside ipc namespace
Date: Mon, 15 Jan 2024 15:46:40 +0000

Right now ipc and mq limits count as per ipc namespace, but only real root can change them. By default, the current values of these limits are such that they can only be reduced. Since only root can change the values, it is impossible to reduce these limits in the rootless container.

We can allow limit changes within ipc namespace because mq parameters are limited by RLIMIT_MSGQUEUE and ipc parameters are not limited to anything other than cgroups.

This is just a rebase of patches on v6.7-6264-g70d201a40823.

---

Alexey Gladkov (3):
  sysctl: Allow change system v ipc sysctls inside ipc namespace
  docs: Add information about ipc sysctls limitations
  sysctl: Allow to change limits for posix messages queues

 Documentation/admin-guide/sysctl/kernel.rst | 14 ++++++--
 ipc/ipc_sysctl.c                            | 37 +++++++++++++++++++--
 ipc/mq_sysctl.c                             | 36 ++++++++++++++++++++
 3 files changed, 82 insertions(+), 5 deletions(-)

-- 
2.43.0