Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | Documentation for /proc/sys/fs/* kernel version 2.2.10 |
2 | (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> | |
760df93e | 3 | (c) 2009, Shen Feng<shen@cn.fujitsu.com> |
1da177e4 LT |
4 | |
5 | For general info and legal blurb, please look in README. | |
6 | ||
7 | ============================================================== | |
8 | ||
9 | This file contains documentation for the sysctl files in | |
10 | /proc/sys/fs/ and is valid for Linux kernel version 2.2. | |
11 | ||
12 | The files in this directory can be used to tune and monitor | |
13 | miscellaneous and general things in the operation of the Linux | |
14 | kernel. Since some of the files _can_ be used to screw up your | |
15 | system, it is advisable to read both documentation and source | |
16 | before actually making adjustments. | |
17 | ||
760df93e SF |
18 | 1. /proc/sys/fs |
19 | ---------------------------------------------------------- | |
20 | ||
1da177e4 | 21 | Currently, these files are in /proc/sys/fs: |
760df93e SF |
22 | - aio-max-nr |
23 | - aio-nr | |
1da177e4 LT |
24 | - dentry-state |
25 | - dquot-max | |
26 | - dquot-nr | |
27 | - file-max | |
28 | - file-nr | |
29 | - inode-max | |
30 | - inode-nr | |
31 | - inode-state | |
9cfe015a | 32 | - nr_open |
1da177e4 LT |
33 | - overflowuid |
34 | - overflowgid | |
800179c9 KC |
35 | - protected_hardlinks |
36 | - protected_symlinks | |
a2e0b563 | 37 | - suid_dumpable |
1da177e4 LT |
38 | - super-max |
39 | - super-nr | |
40 | ||
760df93e SF |
41 | ============================================================== |
42 | ||
43 | aio-nr & aio-max-nr: | |
44 | ||
45 | aio-nr is the running total of the number of events specified on the | |
46 | io_setup system call for all currently active aio contexts. If aio-nr | |
47 | reaches aio-max-nr then io_setup will fail with EAGAIN. Note that | |
48 | raising aio-max-nr does not result in the pre-allocation or re-sizing | |
49 | of any kernel data structures. | |
1da177e4 LT |
50 | |
51 | ============================================================== | |
52 | ||
53 | dentry-state: | |
54 | ||
55 | From linux/fs/dentry.c: | |
56 | -------------------------------------------------------------- | |
57 | struct { | |
58 | int nr_dentry; | |
59 | int nr_unused; | |
60 | int age_limit; /* age in seconds */ | |
61 | int want_pages; /* pages requested by system */ | |
62 | int dummy[2]; | |
63 | } dentry_stat = {0, 0, 45, 0,}; | |
64 | -------------------------------------------------------------- | |
65 | ||
66 | Dentries are dynamically allocated and deallocated, and | |
67 | nr_dentry seems to be 0 all the time. Hence it's safe to | |
68 | assume that only nr_unused, age_limit and want_pages are | |
69 | used. Nr_unused seems to be exactly what its name says. | |
70 | Age_limit is the age in seconds after which dcache entries | |
71 | can be reclaimed when memory is short and want_pages is | |
72 | nonzero when shrink_dcache_pages() has been called and the | |
73 | dcache isn't pruned yet. | |
74 | ||
75 | ============================================================== | |
76 | ||
77 | dquot-max & dquot-nr: | |
78 | ||
79 | The file dquot-max shows the maximum number of cached disk | |
80 | quota entries. | |
81 | ||
82 | The file dquot-nr shows the number of allocated disk quota | |
83 | entries and the number of free disk quota entries. | |
84 | ||
85 | If the number of free cached disk quotas is very low and | |
86 | you have some awesome number of simultaneous system users, | |
87 | you might want to raise the limit. | |
88 | ||
89 | ============================================================== | |
90 | ||
91 | file-max & file-nr: | |
92 | ||
1da177e4 LT |
93 | The value in file-max denotes the maximum number of file- |
94 | handles that the Linux kernel will allocate. When you get lots | |
95 | of error messages about running out of file handles, you might | |
96 | want to increase this limit. | |
97 | ||
ca3b78aa FT |
98 | Historically,the kernel was able to allocate file handles |
99 | dynamically, but not to free them again. The three values in | |
100 | file-nr denote the number of allocated file handles, the number | |
101 | of allocated but unused file handles, and the maximum number of | |
102 | file handles. Linux 2.6 always reports 0 as the number of free | |
103 | file handles -- this is not an error, it just means that the | |
104 | number of allocated file handles exactly matches the number of | |
105 | used file handles. | |
bcadbbd4 XF |
106 | |
107 | Attempts to allocate more file descriptors than file-max are | |
108 | reported with printk, look for "VFS: file-max limit <number> | |
109 | reached". | |
1da177e4 | 110 | ============================================================== |
9cfe015a ED |
111 | |
112 | nr_open: | |
113 | ||
114 | This denotes the maximum number of file-handles a process can | |
115 | allocate. Default value is 1024*1024 (1048576) which should be | |
116 | enough for most machines. Actual limit depends on RLIMIT_NOFILE | |
117 | resource limit. | |
118 | ||
119 | ============================================================== | |
1da177e4 LT |
120 | |
121 | inode-max, inode-nr & inode-state: | |
122 | ||
123 | As with file handles, the kernel allocates the inode structures | |
124 | dynamically, but can't free them yet. | |
125 | ||
126 | The value in inode-max denotes the maximum number of inode | |
127 | handlers. This value should be 3-4 times larger than the value | |
128 | in file-max, since stdin, stdout and network sockets also | |
129 | need an inode struct to handle them. When you regularly run | |
130 | out of inodes, you need to increase this value. | |
131 | ||
132 | The file inode-nr contains the first two items from | |
133 | inode-state, so we'll skip to that file... | |
134 | ||
135 | Inode-state contains three actual numbers and four dummies. | |
136 | The actual numbers are, in order of appearance, nr_inodes, | |
137 | nr_free_inodes and preshrink. | |
138 | ||
139 | Nr_inodes stands for the number of inodes the system has | |
140 | allocated, this can be slightly more than inode-max because | |
141 | Linux allocates them one pageful at a time. | |
142 | ||
143 | Nr_free_inodes represents the number of free inodes (?) and | |
144 | preshrink is nonzero when the nr_inodes > inode-max and the | |
145 | system needs to prune the inode list instead of allocating | |
146 | more. | |
147 | ||
148 | ============================================================== | |
149 | ||
150 | overflowgid & overflowuid: | |
151 | ||
152 | Some filesystems only support 16-bit UIDs and GIDs, although in Linux | |
153 | UIDs and GIDs are 32 bits. When one of these filesystems is mounted | |
154 | with writes enabled, any UID or GID that would exceed 65535 is translated | |
155 | to a fixed value before being written to disk. | |
156 | ||
157 | These sysctls allow you to change the value of the fixed UID and GID. | |
158 | The default is 65534. | |
159 | ||
160 | ============================================================== | |
161 | ||
800179c9 KC |
162 | protected_hardlinks: |
163 | ||
164 | A long-standing class of security issues is the hardlink-based | |
165 | time-of-check-time-of-use race, most commonly seen in world-writable | |
166 | directories like /tmp. The common method of exploitation of this flaw | |
167 | is to cross privilege boundaries when following a given hardlink (i.e. a | |
168 | root process follows a hardlink created by another user). Additionally, | |
169 | on systems without separated partitions, this stops unauthorized users | |
170 | from "pinning" vulnerable setuid/setgid files against being upgraded by | |
171 | the administrator, or linking to special files. | |
172 | ||
173 | When set to "0", hardlink creation behavior is unrestricted. | |
174 | ||
175 | When set to "1" hardlinks cannot be created by users if they do not | |
176 | already own the source file, or do not have read/write access to it. | |
177 | ||
178 | This protection is based on the restrictions in Openwall and grsecurity. | |
179 | ||
180 | ============================================================== | |
181 | ||
182 | protected_symlinks: | |
183 | ||
184 | A long-standing class of security issues is the symlink-based | |
185 | time-of-check-time-of-use race, most commonly seen in world-writable | |
186 | directories like /tmp. The common method of exploitation of this flaw | |
187 | is to cross privilege boundaries when following a given symlink (i.e. a | |
188 | root process follows a symlink belonging to another user). For a likely | |
189 | incomplete list of hundreds of examples across the years, please see: | |
190 | http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp | |
191 | ||
192 | When set to "0", symlink following behavior is unrestricted. | |
193 | ||
194 | When set to "1" symlinks are permitted to be followed only when outside | |
195 | a sticky world-writable directory, or when the uid of the symlink and | |
196 | follower match, or when the directory owner matches the symlink's owner. | |
197 | ||
198 | This protection is based on the restrictions in Openwall and grsecurity. | |
199 | ||
200 | ============================================================== | |
201 | ||
a2e0b563 AD |
202 | suid_dumpable: |
203 | ||
204 | This value can be used to query and set the core dump mode for setuid | |
205 | or otherwise protected/tainted binaries. The modes are | |
206 | ||
207 | 0 - (default) - traditional behaviour. Any process which has changed | |
9520628e | 208 | privilege levels or is execute only will not be dumped. |
a2e0b563 AD |
209 | 1 - (debug) - all processes dump core when possible. The core dump is |
210 | owned by the current user and no security is applied. This is | |
211 | intended for system debugging situations only. Ptrace is unchecked. | |
9520628e KC |
212 | This is insecure as it allows regular users to examine the memory |
213 | contents of privileged processes. | |
a2e0b563 | 214 | 2 - (suidsafe) - any binary which normally would not be dumped is dumped |
9520628e KC |
215 | anyway, but only if the "core_pattern" kernel sysctl is set to |
216 | either a pipe handler or a fully qualified path. (For more details | |
217 | on this limitation, see CVE-2006-2451.) This mode is appropriate | |
218 | when administrators are attempting to debug problems in a normal | |
219 | environment, and either have a core dump pipe handler that knows | |
220 | to treat privileged core dumps with care, or specific directory | |
221 | defined for catching core dumps. If a core dump happens without | |
222 | a pipe handler or fully qualifid path, a message will be emitted | |
223 | to syslog warning about the lack of a correct setting. | |
a2e0b563 AD |
224 | |
225 | ============================================================== | |
226 | ||
1da177e4 LT |
227 | super-max & super-nr: |
228 | ||
229 | These numbers control the maximum number of superblocks, and | |
230 | thus the maximum number of mounted filesystems the kernel | |
231 | can have. You only need to increase super-max if you need to | |
232 | mount more filesystems than the current value in super-max | |
233 | allows you to. | |
234 | ||
235 | ============================================================== | |
236 | ||
237 | aio-nr & aio-max-nr: | |
238 | ||
239 | aio-nr shows the current system-wide number of asynchronous io | |
240 | requests. aio-max-nr allows you to change the maximum value | |
241 | aio-nr can grow to. | |
242 | ||
243 | ============================================================== | |
760df93e SF |
244 | |
245 | ||
246 | 2. /proc/sys/fs/binfmt_misc | |
247 | ---------------------------------------------------------- | |
248 | ||
249 | Documentation for the files in /proc/sys/fs/binfmt_misc is | |
250 | in Documentation/binfmt_misc.txt. | |
251 | ||
252 | ||
253 | 3. /proc/sys/fs/mqueue - POSIX message queues filesystem | |
254 | ---------------------------------------------------------- | |
255 | ||
256 | The "mqueue" filesystem provides the necessary kernel features to enable the | |
257 | creation of a user space library that implements the POSIX message queues | |
258 | API (as noted by the MSG tag in the POSIX 1003.1-2001 version of the System | |
259 | Interfaces specification.) | |
260 | ||
261 | The "mqueue" filesystem contains values for determining/setting the amount of | |
262 | resources used by the file system. | |
263 | ||
264 | /proc/sys/fs/mqueue/queues_max is a read/write file for setting/getting the | |
265 | maximum number of message queues allowed on the system. | |
266 | ||
267 | /proc/sys/fs/mqueue/msg_max is a read/write file for setting/getting the | |
268 | maximum number of messages in a queue value. In fact it is the limiting value | |
269 | for another (user) limit which is set in mq_open invocation. This attribute of | |
270 | a queue must be less or equal then msg_max. | |
271 | ||
272 | /proc/sys/fs/mqueue/msgsize_max is a read/write file for setting/getting the | |
273 | maximum message size value (it is every message queue's attribute set during | |
274 | its creation). | |
275 | ||
cef0184c KM |
276 | /proc/sys/fs/mqueue/msg_default is a read/write file for setting/getting the |
277 | default number of messages in a queue value if attr parameter of mq_open(2) is | |
278 | NULL. If it exceed msg_max, the default value is initialized msg_max. | |
279 | ||
280 | /proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting | |
281 | the default message size value if attr parameter of mq_open(2) is NULL. If it | |
282 | exceed msgsize_max, the default value is initialized msgsize_max. | |
760df93e SF |
283 | |
284 | 4. /proc/sys/fs/epoll - Configuration options for the epoll interface | |
285 | -------------------------------------------------------- | |
286 | ||
287 | This directory contains configuration options for the epoll(7) interface. | |
288 | ||
760df93e SF |
289 | max_user_watches |
290 | ---------------- | |
291 | ||
292 | Every epoll file descriptor can store a number of files to be monitored | |
293 | for event readiness. Each one of these monitored files constitutes a "watch". | |
294 | This configuration option sets the maximum number of "watches" that are | |
295 | allowed for each user. | |
296 | Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes | |
297 | on a 64bit one. | |
298 | The current default value for max_user_watches is the 1/32 of the available | |
299 | low memory, divided for the "watch" cost in bytes. | |
300 |