Documentation/admin-guide/namespaces/resource-control.rst

Source file repositories/reference/linux-study-clean/Documentation/admin-guide/namespaces/resource-control.rst

File Facts

System
Linux kernel
Corpus path
Documentation/admin-guide/namespaces/resource-control.rst
Extension
.rst
Size
875 bytes
Lines
19
Domain
Support Tooling And Documentation
Bucket
Documentation
Inferred role
Support Tooling And Documentation: documentation
Status
atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

====================================
User namespaces and resource control
====================================

The kernel contains many kinds of objects that either don't have
individual limits or that have limits which are ineffective when
a set of processes is allowed to switch their UID. On a system
where the admins don't trust their users or their users' programs,
user namespaces expose the system to potential misuse of resources.

In order to mitigate this, we recommend that admins enable memory
control groups on any system that enables user namespaces.
Furthermore, we recommend that admins configure the memory control
groups to limit the maximum memory usable by any untrusted user.

Memory control groups can be configured by installing the libcgroup
package present on most distros editing /etc/cgrules.conf,
/etc/cgconfig.conf and setting up libpam-cgroup.

Annotation

Implementation Notes