summaryrefslogtreecommitdiff
path: root/kernel/fork.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2016-08-08 13:54:50 -0500
committerEric W. Biederman <ebiederm@xmission.com>2016-08-08 14:40:30 -0500
commitf6b2db1a3e8d141dd144df58900fb0444d5d7c53 (patch)
treeaba951303e8d0c07b3f0293e33cd0af230b813a5 /kernel/fork.c
parentb376c3e1b6770ddcb4f0782be16358095fcea0b6 (diff)
userns: Make the count of user namespaces per user
Add a structure that is per user and per user ns and use it to hold the count of user namespaces. This makes prevents one user from creating denying service to another user by creating the maximum number of user namespaces. Rename the sysctl export of the maximum count from /proc/sys/userns/max_user_namespaces to /proc/sys/user/max_user_namespaces to reflect that the count is now per user. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/fork.c')
-rw-r--r--kernel/fork.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index daa6a82b4900..d8cde533ace3 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -322,7 +322,7 @@ void __init fork_init(void)
init_task.signal->rlim[RLIMIT_SIGPENDING] =
init_task.signal->rlim[RLIMIT_NPROC];
- init_user_ns.max_user_namespaces = max_threads;
+ init_user_ns.max_user_namespaces = max_threads/2;
}
int __weak arch_dup_task_struct(struct task_struct *dst,