1 =============================== 1 ===============================
2 Documentation for /proc/sys/fs/ 2 Documentation for /proc/sys/fs/
3 =============================== 3 ===============================
4 4
>> 5 kernel version 2.2.10
>> 6
5 Copyright (c) 1998, 1999, Rik van Riel <riel@n 7 Copyright (c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
6 8
7 Copyright (c) 2009, Shen Feng<shen@cn.fu 9 Copyright (c) 2009, Shen Feng<shen@cn.fujitsu.com>
8 10
9 For general info and legal blurb, please look 11 For general info and legal blurb, please look in intro.rst.
10 12
11 ---------------------------------------------- 13 ------------------------------------------------------------------------------
12 14
13 This file contains documentation for the sysct !! 15 This file contains documentation for the sysctl files in
14 in ``/proc/sys/fs/``. !! 16 /proc/sys/fs/ and is valid for Linux kernel version 2.2.
15 17
16 The files in this directory can be used to tun 18 The files in this directory can be used to tune and monitor
17 miscellaneous and general things in the operat 19 miscellaneous and general things in the operation of the Linux
18 kernel. Since some of the files *can* be used !! 20 kernel. Since some of the files _can_ be used to screw up your
19 system, it is advisable to read both documenta 21 system, it is advisable to read both documentation and source
20 before actually making adjustments. 22 before actually making adjustments.
21 23
22 1. /proc/sys/fs 24 1. /proc/sys/fs
23 =============== 25 ===============
24 26
25 Currently, these files might (depending on you !! 27 Currently, these files are in /proc/sys/fs:
26 show up in ``/proc/sys/fs``: <<
27 28
28 .. contents:: :local: !! 29 - aio-max-nr
>> 30 - aio-nr
>> 31 - dentry-state
>> 32 - dquot-max
>> 33 - dquot-nr
>> 34 - file-max
>> 35 - file-nr
>> 36 - inode-max
>> 37 - inode-nr
>> 38 - inode-state
>> 39 - nr_open
>> 40 - overflowuid
>> 41 - overflowgid
>> 42 - pipe-user-pages-hard
>> 43 - pipe-user-pages-soft
>> 44 - protected_fifos
>> 45 - protected_hardlinks
>> 46 - protected_regular
>> 47 - protected_symlinks
>> 48 - suid_dumpable
>> 49 - super-max
>> 50 - super-nr
29 51
30 52
31 aio-nr & aio-max-nr 53 aio-nr & aio-max-nr
32 ------------------- 54 -------------------
33 55
34 ``aio-nr`` shows the current system-wide numbe !! 56 aio-nr is the running total of the number of events specified on the
35 requests. ``aio-max-nr`` allows you to change !! 57 io_setup system call for all currently active aio contexts. If aio-nr
36 ``aio-nr`` can grow to. If ``aio-nr`` reaches !! 58 reaches aio-max-nr then io_setup will fail with EAGAIN. Note that
37 ``io_setup`` will fail with ``EAGAIN``. Note !! 59 raising aio-max-nr does not result in the pre-allocation or re-sizing
38 ``aio-max-nr`` does not result in the !! 60 of any kernel data structures.
39 pre-allocation or re-sizing of any kernel data <<
40 <<
41 dentry-negative <<
42 ---------------------------- <<
43 61
44 Policy for negative dentries. Set to 1 to to a <<
45 file is removed, and 0 to disable it. By defau <<
46 62
47 dentry-state 63 dentry-state
48 ------------ 64 ------------
49 65
50 This file shows the values in ``struct dentry_ !! 66 From linux/include/linux/dcache.h::
51 ``fs/dcache.c``:: <<
52 67
53 struct dentry_stat_t dentry_stat { 68 struct dentry_stat_t dentry_stat {
54 long nr_dentry; !! 69 int nr_dentry;
55 long nr_unused; !! 70 int nr_unused;
56 long age_limit; /* age in seco !! 71 int age_limit; /* age in seconds */
57 long want_pages; /* pages reque !! 72 int want_pages; /* pages requested by system */
58 long nr_negative; /* # of unused !! 73 int nr_negative; /* # of unused negative dentries */
59 long dummy; /* Reserved fo !! 74 int dummy; /* Reserved for future use */
60 }; 75 };
61 76
62 Dentries are dynamically allocated and dealloc 77 Dentries are dynamically allocated and deallocated.
63 78
64 ``nr_dentry`` shows the total number of dentri !! 79 nr_dentry shows the total number of dentries allocated (active
65 + unused). ``nr_unused shows`` the number of d !! 80 + unused). nr_unused shows the number of dentries that are not
66 actively used, but are saved in the LRU list f 81 actively used, but are saved in the LRU list for future reuse.
67 82
68 ``age_limit`` is the age in seconds after whic !! 83 Age_limit is the age in seconds after which dcache entries
69 can be reclaimed when memory is short and ``wa !! 84 can be reclaimed when memory is short and want_pages is
70 nonzero when ``shrink_dcache_pages()`` has bee !! 85 nonzero when shrink_dcache_pages() has been called and the
71 dcache isn't pruned yet. 86 dcache isn't pruned yet.
72 87
73 ``nr_negative`` shows the number of unused den !! 88 nr_negative shows the number of unused dentries that are also
74 negative dentries which do not map to any file 89 negative dentries which do not map to any files. Instead,
75 they help speeding up rejection of non-existin 90 they help speeding up rejection of non-existing files provided
76 by the users. 91 by the users.
77 92
78 93
>> 94 dquot-max & dquot-nr
>> 95 --------------------
>> 96
>> 97 The file dquot-max shows the maximum number of cached disk
>> 98 quota entries.
>> 99
>> 100 The file dquot-nr shows the number of allocated disk quota
>> 101 entries and the number of free disk quota entries.
>> 102
>> 103 If the number of free cached disk quotas is very low and
>> 104 you have some awesome number of simultaneous system users,
>> 105 you might want to raise the limit.
>> 106
>> 107
79 file-max & file-nr 108 file-max & file-nr
80 ------------------ 109 ------------------
81 110
82 The value in ``file-max`` denotes the maximum !! 111 The value in file-max denotes the maximum number of file-
83 handles that the Linux kernel will allocate. W 112 handles that the Linux kernel will allocate. When you get lots
84 of error messages about running out of file ha 113 of error messages about running out of file handles, you might
85 want to increase this limit. 114 want to increase this limit.
86 115
87 Historically,the kernel was able to allocate f 116 Historically,the kernel was able to allocate file handles
88 dynamically, but not to free them again. The t 117 dynamically, but not to free them again. The three values in
89 ``file-nr`` denote the number of allocated fil !! 118 file-nr denote the number of allocated file handles, the number
90 of allocated but unused file handles, and the 119 of allocated but unused file handles, and the maximum number of
91 file handles. Linux 2.6 and later always repor !! 120 file handles. Linux 2.6 always reports 0 as the number of free
92 file handles -- this is not an error, it just 121 file handles -- this is not an error, it just means that the
93 number of allocated file handles exactly match 122 number of allocated file handles exactly matches the number of
94 used file handles. 123 used file handles.
95 124
96 Attempts to allocate more file descriptors tha !! 125 Attempts to allocate more file descriptors than file-max are
97 reported with ``printk``, look for:: !! 126 reported with printk, look for "VFS: file-max limit <number>
>> 127 reached".
>> 128
98 129
99 VFS: file-max limit <number> reached !! 130 nr_open
>> 131 -------
100 132
101 in the kernel logs. !! 133 This denotes the maximum number of file-handles a process can
>> 134 allocate. Default value is 1024*1024 (1048576) which should be
>> 135 enough for most machines. Actual limit depends on RLIMIT_NOFILE
>> 136 resource limit.
102 137
103 138
104 inode-nr & inode-state !! 139 inode-max, inode-nr & inode-state
105 ---------------------- !! 140 ---------------------------------
106 141
107 As with file handles, the kernel allocates the 142 As with file handles, the kernel allocates the inode structures
108 dynamically, but can't free them yet. 143 dynamically, but can't free them yet.
109 144
110 The file ``inode-nr`` contains the first two i !! 145 The value in inode-max denotes the maximum number of inode
111 ``inode-state``, so we'll skip to that file... !! 146 handlers. This value should be 3-4 times larger than the value
112 !! 147 in file-max, since stdin, stdout and network sockets also
113 ``inode-state`` contains three actual numbers !! 148 need an inode struct to handle them. When you regularly run
114 The actual numbers are, in order of appearance !! 149 out of inodes, you need to increase this value.
115 ``nr_free_inodes`` and ``preshrink``. !! 150
>> 151 The file inode-nr contains the first two items from
>> 152 inode-state, so we'll skip to that file...
>> 153
>> 154 Inode-state contains three actual numbers and four dummies.
>> 155 The actual numbers are, in order of appearance, nr_inodes,
>> 156 nr_free_inodes and preshrink.
>> 157
>> 158 Nr_inodes stands for the number of inodes the system has
>> 159 allocated, this can be slightly more than inode-max because
>> 160 Linux allocates them one pageful at a time.
116 161
117 ``nr_inodes`` stands for the number of inodes !! 162 Nr_free_inodes represents the number of free inodes (?) and
118 allocated. !! 163 preshrink is nonzero when the nr_inodes > inode-max and the
119 <<
120 ``nr_free_inodes`` represents the number of fr <<
121 preshrink is nonzero when the <<
122 system needs to prune the inode list instead o 164 system needs to prune the inode list instead of allocating
123 more. 165 more.
124 166
125 167
126 mount-max <<
127 --------- <<
128 <<
129 This denotes the maximum number of mounts that <<
130 in a mount namespace. <<
131 <<
132 <<
133 nr_open <<
134 ------- <<
135 <<
136 This denotes the maximum number of file-handle <<
137 allocate. Default value is 1024*1024 (1048576) <<
138 enough for most machines. Actual limit depends <<
139 resource limit. <<
140 <<
141 <<
142 overflowgid & overflowuid 168 overflowgid & overflowuid
143 ------------------------- 169 -------------------------
144 170
145 Some filesystems only support 16-bit UIDs and 171 Some filesystems only support 16-bit UIDs and GIDs, although in Linux
146 UIDs and GIDs are 32 bits. When one of these f 172 UIDs and GIDs are 32 bits. When one of these filesystems is mounted
147 with writes enabled, any UID or GID that would 173 with writes enabled, any UID or GID that would exceed 65535 is translated
148 to a fixed value before being written to disk. 174 to a fixed value before being written to disk.
149 175
150 These sysctls allow you to change the value of 176 These sysctls allow you to change the value of the fixed UID and GID.
151 The default is 65534. 177 The default is 65534.
152 178
153 179
154 pipe-user-pages-hard 180 pipe-user-pages-hard
155 -------------------- 181 --------------------
156 182
157 Maximum total number of pages a non-privileged 183 Maximum total number of pages a non-privileged user may allocate for pipes.
158 Once this limit is reached, no new pipes may b 184 Once this limit is reached, no new pipes may be allocated until usage goes
159 below the limit again. When set to 0, no limit 185 below the limit again. When set to 0, no limit is applied, which is the default
160 setting. 186 setting.
161 187
162 188
163 pipe-user-pages-soft 189 pipe-user-pages-soft
164 -------------------- 190 --------------------
165 191
166 Maximum total number of pages a non-privileged 192 Maximum total number of pages a non-privileged user may allocate for pipes
167 before the pipe size gets limited to a single 193 before the pipe size gets limited to a single page. Once this limit is reached,
168 new pipes will be limited to a single page in 194 new pipes will be limited to a single page in size for this user in order to
169 limit total memory usage, and trying to increa !! 195 limit total memory usage, and trying to increase them using fcntl() will be
170 denied until usage goes below the limit again. 196 denied until usage goes below the limit again. The default value allows to
171 allocate up to 1024 pipes at their default siz 197 allocate up to 1024 pipes at their default size. When set to 0, no limit is
172 applied. 198 applied.
173 199
174 200
175 protected_fifos 201 protected_fifos
176 --------------- 202 ---------------
177 203
178 The intent of this protection is to avoid unin 204 The intent of this protection is to avoid unintentional writes to
179 an attacker-controlled FIFO, where a program e 205 an attacker-controlled FIFO, where a program expected to create a regular
180 file. 206 file.
181 207
182 When set to "0", writing to FIFOs is unrestric 208 When set to "0", writing to FIFOs is unrestricted.
183 209
184 When set to "1" don't allow ``O_CREAT`` open o !! 210 When set to "1" don't allow O_CREAT open on FIFOs that we don't own
185 in world writable sticky directories, unless t 211 in world writable sticky directories, unless they are owned by the
186 owner of the directory. 212 owner of the directory.
187 213
188 When set to "2" it also applies to group writa 214 When set to "2" it also applies to group writable sticky directories.
189 215
190 This protection is based on the restrictions i 216 This protection is based on the restrictions in Openwall.
191 217
192 218
193 protected_hardlinks 219 protected_hardlinks
194 -------------------- 220 --------------------
195 221
196 A long-standing class of security issues is th 222 A long-standing class of security issues is the hardlink-based
197 time-of-check-time-of-use race, most commonly 223 time-of-check-time-of-use race, most commonly seen in world-writable
198 directories like ``/tmp``. The common method o !! 224 directories like /tmp. The common method of exploitation of this flaw
199 is to cross privilege boundaries when followin 225 is to cross privilege boundaries when following a given hardlink (i.e. a
200 root process follows a hardlink created by ano 226 root process follows a hardlink created by another user). Additionally,
201 on systems without separated partitions, this 227 on systems without separated partitions, this stops unauthorized users
202 from "pinning" vulnerable setuid/setgid files 228 from "pinning" vulnerable setuid/setgid files against being upgraded by
203 the administrator, or linking to special files 229 the administrator, or linking to special files.
204 230
205 When set to "0", hardlink creation behavior is 231 When set to "0", hardlink creation behavior is unrestricted.
206 232
207 When set to "1" hardlinks cannot be created by 233 When set to "1" hardlinks cannot be created by users if they do not
208 already own the source file, or do not have re 234 already own the source file, or do not have read/write access to it.
209 235
210 This protection is based on the restrictions i 236 This protection is based on the restrictions in Openwall and grsecurity.
211 237
212 238
213 protected_regular 239 protected_regular
214 ----------------- 240 -----------------
215 241
216 This protection is similar to `protected_fifos !! 242 This protection is similar to protected_fifos, but it
217 avoids writes to an attacker-controlled regula 243 avoids writes to an attacker-controlled regular file, where a program
218 expected to create one. 244 expected to create one.
219 245
220 When set to "0", writing to regular files is u 246 When set to "0", writing to regular files is unrestricted.
221 247
222 When set to "1" don't allow ``O_CREAT`` open o !! 248 When set to "1" don't allow O_CREAT open on regular files that we
223 don't own in world writable sticky directories 249 don't own in world writable sticky directories, unless they are
224 owned by the owner of the directory. 250 owned by the owner of the directory.
225 251
226 When set to "2" it also applies to group writa 252 When set to "2" it also applies to group writable sticky directories.
227 253
228 254
229 protected_symlinks 255 protected_symlinks
230 ------------------ 256 ------------------
231 257
232 A long-standing class of security issues is th 258 A long-standing class of security issues is the symlink-based
233 time-of-check-time-of-use race, most commonly 259 time-of-check-time-of-use race, most commonly seen in world-writable
234 directories like ``/tmp``. The common method o !! 260 directories like /tmp. The common method of exploitation of this flaw
235 is to cross privilege boundaries when followin 261 is to cross privilege boundaries when following a given symlink (i.e. a
236 root process follows a symlink belonging to an 262 root process follows a symlink belonging to another user). For a likely
237 incomplete list of hundreds of examples across 263 incomplete list of hundreds of examples across the years, please see:
238 https://cve.mitre.org/cgi-bin/cvekey.cgi?keywo 264 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
239 265
240 When set to "0", symlink following behavior is 266 When set to "0", symlink following behavior is unrestricted.
241 267
242 When set to "1" symlinks are permitted to be f 268 When set to "1" symlinks are permitted to be followed only when outside
243 a sticky world-writable directory, or when the 269 a sticky world-writable directory, or when the uid of the symlink and
244 follower match, or when the directory owner ma 270 follower match, or when the directory owner matches the symlink's owner.
245 271
246 This protection is based on the restrictions i 272 This protection is based on the restrictions in Openwall and grsecurity.
247 273
248 274
249 suid_dumpable !! 275 suid_dumpable:
250 ------------- !! 276 --------------
251 277
252 This value can be used to query and set the co 278 This value can be used to query and set the core dump mode for setuid
253 or otherwise protected/tainted binaries. The m 279 or otherwise protected/tainted binaries. The modes are
254 280
255 = ========== ============================== 281 = ========== ===============================================================
256 0 (default) Traditional behaviour. Any pro !! 282 0 (default) traditional behaviour. Any process which has changed
257 privilege levels or is execute 283 privilege levels or is execute only will not be dumped.
258 1 (debug) All processes dump core when p !! 284 1 (debug) all processes dump core when possible. The core dump is
259 owned by the current user and 285 owned by the current user and no security is applied. This is
260 intended for system debugging 286 intended for system debugging situations only.
261 Ptrace is unchecked. 287 Ptrace is unchecked.
262 This is insecure as it allows 288 This is insecure as it allows regular users to examine the
263 memory contents of privileged 289 memory contents of privileged processes.
264 2 (suidsafe) Any binary which normally woul !! 290 2 (suidsafe) any binary which normally would not be dumped is dumped
265 anyway, but only if the ``core !! 291 anyway, but only if the "core_pattern" kernel sysctl is set to
266 :ref:`Documentation/admin-guid <<
267 is set to <<
268 either a pipe handler or a ful 292 either a pipe handler or a fully qualified path. (For more
269 details on this limitation, se 293 details on this limitation, see CVE-2006-2451.) This mode is
270 appropriate when administrator 294 appropriate when administrators are attempting to debug
271 problems in a normal environme 295 problems in a normal environment, and either have a core dump
272 pipe handler that knows to tre 296 pipe handler that knows to treat privileged core dumps with
273 care, or specific directory de 297 care, or specific directory defined for catching core dumps.
274 If a core dump happens without 298 If a core dump happens without a pipe handler or fully
275 qualified path, a message will 299 qualified path, a message will be emitted to syslog warning
276 about the lack of a correct se 300 about the lack of a correct setting.
277 = ========== ============================== 301 = ========== ===============================================================
278 302
279 303
>> 304 super-max & super-nr
>> 305 --------------------
>> 306
>> 307 These numbers control the maximum number of superblocks, and
>> 308 thus the maximum number of mounted filesystems the kernel
>> 309 can have. You only need to increase super-max if you need to
>> 310 mount more filesystems than the current value in super-max
>> 311 allows you to.
>> 312
>> 313
>> 314 aio-nr & aio-max-nr
>> 315 -------------------
>> 316
>> 317 aio-nr shows the current system-wide number of asynchronous io
>> 318 requests. aio-max-nr allows you to change the maximum value
>> 319 aio-nr can grow to.
>> 320
>> 321
>> 322 mount-max
>> 323 ---------
>> 324
>> 325 This denotes the maximum number of mounts that may exist
>> 326 in a mount namespace.
>> 327
>> 328
280 329
281 2. /proc/sys/fs/binfmt_misc 330 2. /proc/sys/fs/binfmt_misc
282 =========================== 331 ===========================
283 332
284 Documentation for the files in ``/proc/sys/fs/ !! 333 Documentation for the files in /proc/sys/fs/binfmt_misc is
285 in Documentation/admin-guide/binfmt-misc.rst. 334 in Documentation/admin-guide/binfmt-misc.rst.
286 335
287 336
288 3. /proc/sys/fs/mqueue - POSIX message queues 337 3. /proc/sys/fs/mqueue - POSIX message queues filesystem
289 ============================================== 338 ========================================================
290 339
291 340
292 The "mqueue" filesystem provides the necessa 341 The "mqueue" filesystem provides the necessary kernel features to enable the
293 creation of a user space library that imple 342 creation of a user space library that implements the POSIX message queues
294 API (as noted by the MSG tag in the POSIX 10 343 API (as noted by the MSG tag in the POSIX 1003.1-2001 version of the System
295 Interfaces specification.) 344 Interfaces specification.)
296 345
297 The "mqueue" filesystem contains values for de !! 346 The "mqueue" filesystem contains values for determining/setting the amount of
298 amount of resources used by the file system. !! 347 resources used by the file system.
>> 348
>> 349 /proc/sys/fs/mqueue/queues_max is a read/write file for setting/getting the
>> 350 maximum number of message queues allowed on the system.
299 351
300 ``/proc/sys/fs/mqueue/queues_max`` is a read/w !! 352 /proc/sys/fs/mqueue/msg_max is a read/write file for setting/getting the
301 setting/getting the maximum number of message !! 353 maximum number of messages in a queue value. In fact it is the limiting value
302 system. !! 354 for another (user) limit which is set in mq_open invocation. This attribute of
303 !! 355 a queue must be less or equal then msg_max.
304 ``/proc/sys/fs/mqueue/msg_max`` is a read/writ !! 356
305 setting/getting the maximum number of messages !! 357 /proc/sys/fs/mqueue/msgsize_max is a read/write file for setting/getting the
306 fact it is the limiting value for another (use !! 358 maximum message size value (it is every message queue's attribute set during
307 ``mq_open`` invocation. This attribute of a q !! 359 its creation).
308 or equal to ``msg_max``. !! 360
309 !! 361 /proc/sys/fs/mqueue/msg_default is a read/write file for setting/getting the
310 ``/proc/sys/fs/mqueue/msgsize_max`` is a read/ !! 362 default number of messages in a queue value if attr parameter of mq_open(2) is
311 setting/getting the maximum message size value !! 363 NULL. If it exceed msg_max, the default value is initialized msg_max.
312 every message queue, set during its creation). !! 364
313 !! 365 /proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting
314 ``/proc/sys/fs/mqueue/msg_default`` is a read/ !! 366 the default message size value if attr parameter of mq_open(2) is NULL. If it
315 setting/getting the default number of messages !! 367 exceed msgsize_max, the default value is initialized msgsize_max.
316 ``attr`` parameter of ``mq_open(2)`` is ``NULL <<
317 ``msg_max``, the default value is initialized <<
318 <<
319 ``/proc/sys/fs/mqueue/msgsize_default`` is a r <<
320 setting/getting the default message size value <<
321 parameter of ``mq_open(2)`` is ``NULL``. If it <<
322 ``msgsize_max``, the default value is initiali <<
323 368
324 4. /proc/sys/fs/epoll - Configuration options 369 4. /proc/sys/fs/epoll - Configuration options for the epoll interface
325 ============================================== 370 =====================================================================
326 371
327 This directory contains configuration options 372 This directory contains configuration options for the epoll(7) interface.
328 373
329 max_user_watches 374 max_user_watches
330 ---------------- 375 ----------------
331 376
332 Every epoll file descriptor can store a number 377 Every epoll file descriptor can store a number of files to be monitored
333 for event readiness. Each one of these monitor 378 for event readiness. Each one of these monitored files constitutes a "watch".
334 This configuration option sets the maximum num 379 This configuration option sets the maximum number of "watches" that are
335 allowed for each user. 380 allowed for each user.
336 Each "watch" costs roughly 90 bytes on a 32-bi !! 381 Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes
337 on a 64-bit one. !! 382 on a 64bit one.
338 The current default value for ``max_user_watch !! 383 The current default value for max_user_watches is the 1/25 (4%) of the
339 available low memory, divided by the "watch" c !! 384 available low memory, divided for the "watch" cost in bytes.
340 <<
341 5. /proc/sys/fs/fuse - Configuration options f <<
342 ============================================== <<
343 <<
344 This directory contains the following configur <<
345 filesystems: <<
346 <<
347 ``/proc/sys/fs/fuse/max_pages_limit`` is a rea <<
348 setting/getting the maximum number of pages th <<
349 requests in FUSE. <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.