Documentation/sysctl/fs.txt at v5.1

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / Documentation / sysctl / fs.txt
at v5.1 374 lines 14 kB view raw
wrap content
  1Documentation for /proc/sys/fs/*	kernel version 2.2.10
  2	(c) 1998, 1999,  Rik van Riel <riel@nl.linux.org>
  3	(c) 2009,        Shen Feng<shen@cn.fujitsu.com>
  4
  5For general info and legal blurb, please look in README.
  6
  7==============================================================
  8
  9This file contains documentation for the sysctl files in
 10/proc/sys/fs/ and is valid for Linux kernel version 2.2.
 11
 12The files in this directory can be used to tune and monitor
 13miscellaneous and general things in the operation of the Linux
 14kernel. Since some of the files _can_ be used to screw up your
 15system, it is advisable to read both documentation and source
 16before actually making adjustments.
 17
 181. /proc/sys/fs
 19----------------------------------------------------------
 20
 21Currently, these files are in /proc/sys/fs:
 22- aio-max-nr
 23- aio-nr
 24- dentry-state
 25- dquot-max
 26- dquot-nr
 27- file-max
 28- file-nr
 29- inode-max
 30- inode-nr
 31- inode-state
 32- nr_open
 33- overflowuid
 34- overflowgid
 35- pipe-user-pages-hard
 36- pipe-user-pages-soft
 37- protected_fifos
 38- protected_hardlinks
 39- protected_regular
 40- protected_symlinks
 41- suid_dumpable
 42- super-max
 43- super-nr
 44
 45==============================================================
 46
 47aio-nr & aio-max-nr:
 48
 49aio-nr is the running total of the number of events specified on the
 50io_setup system call for all currently active aio contexts.  If aio-nr
 51reaches aio-max-nr then io_setup will fail with EAGAIN.  Note that
 52raising aio-max-nr does not result in the pre-allocation or re-sizing
 53of any kernel data structures.
 54
 55==============================================================
 56
 57dentry-state:
 58
 59From linux/include/linux/dcache.h:
 60--------------------------------------------------------------
 61struct dentry_stat_t dentry_stat {
 62        int nr_dentry;
 63        int nr_unused;
 64        int age_limit;         /* age in seconds */
 65        int want_pages;        /* pages requested by system */
 66        int nr_negative;       /* # of unused negative dentries */
 67        int dummy;             /* Reserved for future use */
 68};
 69--------------------------------------------------------------
 70
 71Dentries are dynamically allocated and deallocated.
 72
 73nr_dentry shows the total number of dentries allocated (active
 74+ unused). nr_unused shows the number of dentries that are not
 75actively used, but are saved in the LRU list for future reuse.
 76
 77Age_limit is the age in seconds after which dcache entries
 78can be reclaimed when memory is short and want_pages is
 79nonzero when shrink_dcache_pages() has been called and the
 80dcache isn't pruned yet.
 81
 82nr_negative shows the number of unused dentries that are also
 83negative dentries which do not map to any files. Instead,
 84they help speeding up rejection of non-existing files provided
 85by the users.
 86
 87==============================================================
 88
 89dquot-max & dquot-nr:
 90
 91The file dquot-max shows the maximum number of cached disk
 92quota entries.
 93
 94The file dquot-nr shows the number of allocated disk quota
 95entries and the number of free disk quota entries.
 96
 97If the number of free cached disk quotas is very low and
 98you have some awesome number of simultaneous system users,
 99you might want to raise the limit.
100
101==============================================================
102
103file-max & file-nr:
104
105The value in file-max denotes the maximum number of file-
106handles that the Linux kernel will allocate. When you get lots
107of error messages about running out of file handles, you might
108want to increase this limit.
109
110Historically,the kernel was able to allocate file handles
111dynamically, but not to free them again. The three values in
112file-nr denote the number of allocated file handles, the number
113of allocated but unused file handles, and the maximum number of
114file handles. Linux 2.6 always reports 0 as the number of free
115file handles -- this is not an error, it just means that the
116number of allocated file handles exactly matches the number of
117used file handles.
118
119Attempts to allocate more file descriptors than file-max are
120reported with printk, look for "VFS: file-max limit <number>
121reached".
122==============================================================
123
124nr_open:
125
126This denotes the maximum number of file-handles a process can
127allocate. Default value is 1024*1024 (1048576) which should be
128enough for most machines. Actual limit depends on RLIMIT_NOFILE
129resource limit.
130
131==============================================================
132
133inode-max, inode-nr & inode-state:
134
135As with file handles, the kernel allocates the inode structures
136dynamically, but can't free them yet.
137
138The value in inode-max denotes the maximum number of inode
139handlers. This value should be 3-4 times larger than the value
140in file-max, since stdin, stdout and network sockets also
141need an inode struct to handle them. When you regularly run
142out of inodes, you need to increase this value.
143
144The file inode-nr contains the first two items from
145inode-state, so we'll skip to that file...
146
147Inode-state contains three actual numbers and four dummies.
148The actual numbers are, in order of appearance, nr_inodes,
149nr_free_inodes and preshrink.
150
151Nr_inodes stands for the number of inodes the system has
152allocated, this can be slightly more than inode-max because
153Linux allocates them one pageful at a time.
154
155Nr_free_inodes represents the number of free inodes (?) and
156preshrink is nonzero when the nr_inodes > inode-max and the
157system needs to prune the inode list instead of allocating
158more.
159
160==============================================================
161
162overflowgid & overflowuid:
163
164Some filesystems only support 16-bit UIDs and GIDs, although in Linux
165UIDs and GIDs are 32 bits. When one of these filesystems is mounted
166with writes enabled, any UID or GID that would exceed 65535 is translated
167to a fixed value before being written to disk.
168
169These sysctls allow you to change the value of the fixed UID and GID.
170The default is 65534.
171
172==============================================================
173
174pipe-user-pages-hard:
175
176Maximum total number of pages a non-privileged user may allocate for pipes.
177Once this limit is reached, no new pipes may be allocated until usage goes
178below the limit again. When set to 0, no limit is applied, which is the default
179setting.
180
181==============================================================
182
183pipe-user-pages-soft:
184
185Maximum total number of pages a non-privileged user may allocate for pipes
186before the pipe size gets limited to a single page. Once this limit is reached,
187new pipes will be limited to a single page in size for this user in order to
188limit total memory usage, and trying to increase them using fcntl() will be
189denied until usage goes below the limit again. The default value allows to
190allocate up to 1024 pipes at their default size. When set to 0, no limit is
191applied.
192
193==============================================================
194
195protected_fifos:
196
197The intent of this protection is to avoid unintentional writes to
198an attacker-controlled FIFO, where a program expected to create a regular
199file.
200
201When set to "0", writing to FIFOs is unrestricted.
202
203When set to "1" don't allow O_CREAT open on FIFOs that we don't own
204in world writable sticky directories, unless they are owned by the
205owner of the directory.
206
207When set to "2" it also applies to group writable sticky directories.
208
209This protection is based on the restrictions in Openwall.
210
211==============================================================
212
213protected_hardlinks:
214
215A long-standing class of security issues is the hardlink-based
216time-of-check-time-of-use race, most commonly seen in world-writable
217directories like /tmp. The common method of exploitation of this flaw
218is to cross privilege boundaries when following a given hardlink (i.e. a
219root process follows a hardlink created by another user). Additionally,
220on systems without separated partitions, this stops unauthorized users
221from "pinning" vulnerable setuid/setgid files against being upgraded by
222the administrator, or linking to special files.
223
224When set to "0", hardlink creation behavior is unrestricted.
225
226When set to "1" hardlinks cannot be created by users if they do not
227already own the source file, or do not have read/write access to it.
228
229This protection is based on the restrictions in Openwall and grsecurity.
230
231==============================================================
232
233protected_regular:
234
235This protection is similar to protected_fifos, but it
236avoids writes to an attacker-controlled regular file, where a program
237expected to create one.
238
239When set to "0", writing to regular files is unrestricted.
240
241When set to "1" don't allow O_CREAT open on regular files that we
242don't own in world writable sticky directories, unless they are
243owned by the owner of the directory.
244
245When set to "2" it also applies to group writable sticky directories.
246
247==============================================================
248
249protected_symlinks:
250
251A long-standing class of security issues is the symlink-based
252time-of-check-time-of-use race, most commonly seen in world-writable
253directories like /tmp. The common method of exploitation of this flaw
254is to cross privilege boundaries when following a given symlink (i.e. a
255root process follows a symlink belonging to another user). For a likely
256incomplete list of hundreds of examples across the years, please see:
257http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
258
259When set to "0", symlink following behavior is unrestricted.
260
261When set to "1" symlinks are permitted to be followed only when outside
262a sticky world-writable directory, or when the uid of the symlink and
263follower match, or when the directory owner matches the symlink's owner.
264
265This protection is based on the restrictions in Openwall and grsecurity.
266
267==============================================================
268
269suid_dumpable:
270
271This value can be used to query and set the core dump mode for setuid
272or otherwise protected/tainted binaries. The modes are
273
2740 - (default) - traditional behaviour. Any process which has changed
275	privilege levels or is execute only will not be dumped.
2761 - (debug) - all processes dump core when possible. The core dump is
277	owned by the current user and no security is applied. This is
278	intended for system debugging situations only. Ptrace is unchecked.
279	This is insecure as it allows regular users to examine the memory
280	contents of privileged processes.
2812 - (suidsafe) - any binary which normally would not be dumped is dumped
282	anyway, but only if the "core_pattern" kernel sysctl is set to
283	either a pipe handler or a fully qualified path. (For more details
284	on this limitation, see CVE-2006-2451.) This mode is appropriate
285	when administrators are attempting to debug problems in a normal
286	environment, and either have a core dump pipe handler that knows
287	to treat privileged core dumps with care, or specific directory
288	defined for catching core dumps. If a core dump happens without
289	a pipe handler or fully qualifid path, a message will be emitted
290	to syslog warning about the lack of a correct setting.
291
292==============================================================
293
294super-max & super-nr:
295
296These numbers control the maximum number of superblocks, and
297thus the maximum number of mounted filesystems the kernel
298can have. You only need to increase super-max if you need to
299mount more filesystems than the current value in super-max
300allows you to.
301
302==============================================================
303
304aio-nr & aio-max-nr:
305
306aio-nr shows the current system-wide number of asynchronous io
307requests.  aio-max-nr allows you to change the maximum value
308aio-nr can grow to.
309
310==============================================================
311
312mount-max:
313
314This denotes the maximum number of mounts that may exist
315in a mount namespace.
316
317==============================================================
318
319
3202. /proc/sys/fs/binfmt_misc
321----------------------------------------------------------
322
323Documentation for the files in /proc/sys/fs/binfmt_misc is
324in Documentation/admin-guide/binfmt-misc.rst.
325
326
3273. /proc/sys/fs/mqueue - POSIX message queues filesystem
328----------------------------------------------------------
329
330The "mqueue"  filesystem provides  the necessary kernel features to enable the
331creation of a  user space  library that  implements  the  POSIX message queues
332API (as noted by the  MSG tag in the  POSIX 1003.1-2001 version  of the System
333Interfaces specification.)
334
335The "mqueue" filesystem contains values for determining/setting  the amount of
336resources used by the file system.
337
338/proc/sys/fs/mqueue/queues_max is a read/write  file for  setting/getting  the
339maximum number of message queues allowed on the system.
340
341/proc/sys/fs/mqueue/msg_max  is  a  read/write file  for  setting/getting  the
342maximum number of messages in a queue value.  In fact it is the limiting value
343for another (user) limit which is set in mq_open invocation. This attribute of
344a queue must be less or equal then msg_max.
345
346/proc/sys/fs/mqueue/msgsize_max is  a read/write  file for setting/getting the
347maximum  message size value (it is every  message queue's attribute set during
348its creation).
349
350/proc/sys/fs/mqueue/msg_default is  a read/write  file for setting/getting the
351default number of messages in a queue value if attr parameter of mq_open(2) is
352NULL. If it exceed msg_max, the default value is initialized msg_max.
353
354/proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting
355the default message size value if attr parameter of mq_open(2) is NULL. If it
356exceed msgsize_max, the default value is initialized msgsize_max.
357
3584. /proc/sys/fs/epoll - Configuration options for the epoll interface
359--------------------------------------------------------
360
361This directory contains configuration options for the epoll(7) interface.
362
363max_user_watches
364----------------
365
366Every epoll file descriptor can store a number of files to be monitored
367for event readiness. Each one of these monitored files constitutes a "watch".
368This configuration option sets the maximum number of "watches" that are
369allowed for each user.
370Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes
371on a 64bit one.
372The current default value for  max_user_watches  is the 1/32 of the available
373low memory, divided for the "watch" cost in bytes.
374
Configure Feed

Configure Feed
