leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mainlining shenanigans
998,387 Commits 2 Branches 0 Tags 5.1 GiB
C 97.7%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.2%
Other 0.1%
21d1c5e386
Go to file
Alexey Gladkov 21d1c5e386 Reimplement RLIMIT_NPROC on top of ucounts 
The rlimit counter is tied to uid in the user_namespace. This allows
rlimit values to be specified in userns even if they are already
globally exceeded by the user. However, the value of the previous
user_namespaces cannot be exceeded.

To illustrate the impact of rlimits, let's say there is a program that
does not fork. Some service-A wants to run this program as user X in
multiple containers. Since the program never fork the service wants to
set RLIMIT_NPROC=1.

service-A
 \- program (uid=1000, container1, rlimit_nproc=1)
 \- program (uid=1000, container2, rlimit_nproc=1)

The service-A sets RLIMIT_NPROC=1 and runs the program in container1.
When the service-A tries to run a program with RLIMIT_NPROC=1 in
container2 it fails since user X already has one running process.

We cannot use existing inc_ucounts / dec_ucounts because they do not
allow us to exceed the maximum for the counter. Some rlimits can be
overlimited by root or if the user has the appropriate capability.

Changelog

v11:
* Change inc_rlimit_ucounts() which now returns top value of ucounts.
* Drop inc_rlimit_ucounts_and_test() because the return code of
  inc_rlimit_ucounts() can be checked.

Signed-off-by: Alexey Gladkov <legion@kernel.org>
Link: https://lkml.kernel.org/r/c5286a8aa16d2d698c222f7532f3d735c82bc6bc.1619094428.git.legion@kernel.org
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2021-04-30 14:14:01 -05:00
arch - Fix BDW Xeon's stepping in the PEBS isolation table of CPUs 2021-04-25 09:42:06 -07:00
block block: return -EBUSY when there are open partitions in blkdev_reread_part 2021-04-21 10:49:37 -06:00
certs certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID 2021-01-21 16:16:10 +00:00
crypto crypto: mips/poly1305 - enable for all MIPS processors 2021-03-08 11:52:17 +01:00
Documentation Networking fixes for 5.12-rc8, including fixes from netfilter, 2021-04-17 09:57:15 -07:00
drivers Late pin control fixes for v5.12: 2021-04-23 17:11:10 -07:00
fs Reimplement RLIMIT_NPROC on top of ucounts 2021-04-30 14:14:01 -05:00
include Reimplement RLIMIT_NPROC on top of ucounts 2021-04-30 14:14:01 -05:00
init Merge branch 'akpm' (patches from Andrew) 2021-03-14 12:23:34 -07:00
ipc fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
kernel Reimplement RLIMIT_NPROC on top of ucounts 2021-04-30 14:14:01 -05:00
lib lib: remove "expecting prototype" kernel-doc warnings 2021-04-16 16:10:37 -07:00
LICENSES LICENSES: Add the CC-BY-4.0 license 2020-12-08 10:33:27 -07:00
mm mm/filemap: fix mapping_seek_hole_data on THP & 32-bit 2021-04-23 14:42:39 -07:00
net Revert "net/rds: Avoid potential use after free in rds_send_remove_from_sock" 2021-04-24 09:32:35 -07:00
samples Merge git://git.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2021-03-09 17:15:56 -08:00
scripts kasan: remove redundant config option 2021-04-16 16:10:36 -07:00
security KEYS: trusted: Fix TPM reservation for seal/unseal 2021-04-21 16:28:20 -07:00
sound sound fixes for 5.12-rc7 2021-04-08 09:01:30 -07:00
tools perf tools fixes for v5.12: 4th batch 2021-04-25 09:48:46 -07:00
usr Kbuild updates for v5.12 2021-02-25 10:17:31 -08:00
virt KVM: x86/mmu: Consider the hva in mmu_notifier retry 2021-02-22 13:16:53 -05:00
.clang-format cxl for 5.12 2021-02-24 09:38:36 -08:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore clang-lto series for v5.12-rc1 2021-02-23 09:28:51 -08:00
.mailmap .mailmap: fix old email addresses 2021-04-09 14:54:23 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS treewide: Miguel has moved 2021-02-26 09:41:03 -08:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS ARM SoC fixes for v5.12, part 2 2021-04-18 13:23:26 -07:00
Makefile Linux 5.12 2021-04-25 13:49:08 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.