Re: [PATCH 0/2 v2] userns: show current values of user namespace counters

From: Eric W. Biederman
Date: Mon Oct 10 2016 - 16:46:13 EST


Andrei Vagin <avagin@xxxxxxxxxxxxx> writes:

> On Thu, Oct 06, 2016 at 02:33:53PM -0500, Eric W. Biederman wrote:
>> Andrei Vagin <avagin@xxxxxxxxxxxxx> writes:
>>
>> > Hello Eric,
>> >
>> > What do you think about this series? It should be useful to know current
>> > usage for user counters.
>>
>> I am in favor of knowing the values. Unless there is a good reason not
>> to we should export the values with a read-only sysctl. I believe that
>> is what other similar limits do.
>
> I want to have a place where I will be able to get limits for all
> users. I can't imagine how to do this with a sysctl. It will look like
> multiline sysctls, which doesn't look good. I will think about it. If you
> have any ideas let me know. Thanks.

Something that has been on my wish list for a while has been to modify
/proc/sys/... to also show up under /proc/<pid>/sys/... for the
non-global values. Now it might make sense to show these things in an
alternate filesystem.

At the same time I am a little leery of the desire. Changing these
limits and watching them in a per-process / per-user sense is fine.
However their fundamental purpose is to be set-and-forget limits that
only rarely should anyone need to mess with. Which makes the
primary purpose of looking at them debugging and verifying that the
limits are set to reasonable values.

Active management if someone wants to go there is possible but it will
never be the primary purpose of these limits.

>> As for having per process knowledge I think that is probably something
>> we want to solve for these sysctls as well.
>>
>> I don't think I saw anyone looking at this code from the perspective of
>> information leaks. I think we need to ask that question, as similar
>> interfaces have been problematic from an information leak point of view.
>
> It's a good question.

I expect that we don't actually care. The kernel tends to leak a lot of
this kind of information. But I figure we should at least be able to
say we thought about it and we don't care.

Eric