===============================
Documentation for /proc/sys/fs/
===============================

Copyright (c) 1998, 1999, Rik van Riel <riel@n

Copyright (c) 2009, Shen Feng<shen@cn.fu

For general info and legal blurb, please look

----------------------------------------------

This file contains documentation for the sysct
in ``/proc/sys/fs/``.

The files in this directory can be used to tun
miscellaneous and general things in the operat
kernel. Since some of the files *can* be used
system, it is advisable to read both documenta
before actually making adjustments.

1. /proc/sys/fs
===============

Currently, these files might (depending on you
show up in ``/proc/sys/fs``:

.. contents:: :local:


aio-nr & aio-max-nr
-------------------

``aio-nr`` shows the current system-wide numbe
requests. ``aio-max-nr`` allows you to change
``aio-nr`` can grow to. If ``aio-nr`` reaches
``io_setup`` will fail with ``EAGAIN``. Note
``aio-max-nr`` does not result in the
pre-allocation or re-sizing of any kernel data

dentry-negative
----------------------------

Policy for negative dentries. Set to 1 to a
file is removed, and 0 to disable it. By defau

dentry-state
------------

This file shows the values in ``struct dentry_
``fs/dcache.c``::

  struct dentry_stat_t dentry_stat {
        long nr_dentry;
        long nr_unused;
        long age_limit; /* age in seco
        long want_pages; /* pages reque
        long nr_negative; /* # of unused
        long dummy; /* Reserved fo
  };

Dentries are dynamically allocated and dealloc

``nr_dentry`` shows the total number of dentri
+ unused). ``nr_unused`` shows the number of d
actively used, but are saved in the LRU list f

``age_limit`` is the age in seconds after whic
can be reclaimed when memory is short and ``wa
nonzero when ``shrink_dcache_pages()`` has bee
dcache isn't pruned yet.

``nr_negative`` shows the number of unused den
negative dentries which do not map to any file
they help speeding up rejection of non-existin
by the users.


file-max & file-nr
------------------

The value in ``file-max`` denotes the maximum
handles that the Linux kernel will allocate. W
of error messages about running out of file ha
want to increase this limit.

Historically, the kernel was able to allocate f
dynamically, but not to free them again. The t
``file-nr`` denote the number of allocated fil
of allocated but unused file handles, and the
file handles. Linux 2.6 and later always repor
file handles -- this is not an error, it just
number of allocated file handles exactly match
used file handles.

Attempts to allocate more file descriptors tha
reported with ``printk``, look for::

  VFS: file-max limit <number> reached

in the kernel logs.


inode-nr & inode-state
----------------------

As with file handles, the kernel allocates the
dynamically, but can't free them yet.

The file ``inode-nr`` contains the first two i
``inode-state``, so we'll skip to that file...

``inode-state`` contains three actual numbers
The actual numbers are, in order of appearance
``nr_free_inodes`` and ``preshrink``.

``nr_inodes`` stands for the number of inodes
allocated.

``nr_free_inodes`` represents the number of fr
preshrink is nonzero when the
system needs to prune the inode list instead o
more.


mount-max
---------

This denotes the maximum number of mounts that
in a mount namespace.


nr_open
-------

This denotes the maximum number of file-handle
allocate. Default value is 1024*1024 (1048576)
enough for most machines. Actual limit depends
resource limit.


overflowgid & overflowuid
-------------------------

Some filesystems only support 16-bit UIDs and
UIDs and GIDs are 32 bits. When one of these f
with writes enabled, any UID or GID that would
to a fixed value before being written to disk.

These sysctls allow you to change the value of
The default is 65534.


pipe-user-pages-hard
--------------------

Maximum total number of pages a non-privileged
Once this limit is reached, no new pipes may b
below the limit again. When set to 0, no limit
setting.


pipe-user-pages-soft
--------------------

Maximum total number of pages a non-privileged
before the pipe size gets limited to a single
new pipes will be limited to a single page in
limit total memory usage, and trying to increa
denied until usage goes below the limit again.
allocate up to 1024 pipes at their default siz
applied.


protected_fifos
---------------

The intent of this protection is to avoid unin
an attacker-controlled FIFO, where a program e
file.

When set to "0", writing to FIFOs is unrestric

When set to "1" don't allow ``O_CREAT`` open o
in world writable sticky directories, unless t
owner of the directory.

When set to "2" it also applies to group writa

This protection is based on the restrictions i


protected_hardlinks
--------------------

A long-standing class of security issues is th
time-of-check-time-of-use race, most commonly
directories like ``/tmp``. The common method o
is to cross privilege boundaries when followin
root process follows a hardlink created by ano
on systems without separated partitions, this
from "pinning" vulnerable setuid/setgid files
the administrator, or linking to special files

When set to "0", hardlink creation behavior is

When set to "1" hardlinks cannot be created by
already own the source file, or do not have re

This protection is based on the restrictions i


protected_regular
-----------------

This protection is similar to `protected_fifos
avoids writes to an attacker-controlled regula
expected to create one.

When set to "0", writing to regular files is u

When set to "1" don't allow ``O_CREAT`` open o
don't own in world writable sticky directories
owned by the owner of the directory.

When set to "2" it also applies to group writa


protected_symlinks
------------------

A long-standing class of security issues is th
time-of-check-time-of-use race, most commonly
directories like ``/tmp``. The common method o
is to cross privilege boundaries when followin
root process follows a symlink belonging to an
incomplete list of hundreds of examples across
https://cve.mitre.org/cgi-bin/cvekey.cgi?keywo

When set to "0", symlink following behavior is

When set to "1" symlinks are permitted to be f
a sticky world-writable directory, or when the
follower match, or when the directory owner ma

This protection is based on the restrictions i


suid_dumpable
-------------

This value can be used to query and set the co
or otherwise protected/tainted binaries. The m

=  ==========  ==============================
0  (default)   Traditional behaviour. Any pro
               privilege levels or is execute
1  (debug)     All processes dump core when p
               owned by the current user and
               intended for system debugging
               Ptrace is unchecked.
               This is insecure as it allows
               memory contents of privileged
2  (suidsafe)  Any binary which normally woul
               anyway, but only if the ``core
               :ref:`Documentation/admin-guid
               is set to
               either a pipe handler or a ful
               details on this limitation, se
               appropriate when administrator
               problems in a normal environme
               pipe handler that knows to tre
               care, or specific directory de
               If a core dump happens without
               qualified path, a message will
               about the lack of a correct se
=  ==========  ==============================



2. /proc/sys/fs/binfmt_misc
===========================

Documentation for the files in ``/proc/sys/fs/
in Documentation/admin-guide/binfmt-misc.rst.


3. /proc/sys/fs/mqueue - POSIX message queues
==============================================


The "mqueue" filesystem provides the necessa
creation of a user space library that imple
API (as noted by the MSG tag in the POSIX 10
Interfaces specification.)

The "mqueue" filesystem contains values for de
amount of resources used by the file system.

``/proc/sys/fs/mqueue/queues_max`` is a read/w
setting/getting the maximum number of message
system.

``/proc/sys/fs/mqueue/msg_max`` is a read/writ
setting/getting the maximum number of messages
fact it is the limiting value for another (use
``mq_open`` invocation. This attribute of a q
or equal to ``msg_max``.

``/proc/sys/fs/mqueue/msgsize_max`` is a read/
setting/getting the maximum message size value
every message queue, set during its creation).

``/proc/sys/fs/mqueue/msg_default`` is a read/
setting/getting the default number of messages
``attr`` parameter of ``mq_open(2)`` is ``NULL
``msg_max``, the default value is initialized

``/proc/sys/fs/mqueue/msgsize_default`` is a r
setting/getting the default message size value
parameter of ``mq_open(2)`` is ``NULL``. If it
``msgsize_max``, the default value is initiali

4. /proc/sys/fs/epoll - Configuration options
==============================================

This directory contains configuration options

max_user_watches
----------------

Every epoll file descriptor can store a number
for event readiness. Each one of these monitor
This configuration option sets the maximum num
allowed for each user.
Each "watch" costs roughly 90 bytes on a 32-bi
on a 64-bit one.
The current default value for ``max_user_watch
available low memory, divided by the "watch" c

5. /proc/sys/fs/fuse - Configuration options f
==============================================

This directory contains the following configur
filesystems:

``/proc/sys/fs/fuse/max_pages_limit`` is a rea
setting/getting the maximum number of pages th
requests in FUSE.
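
The ``protected_symlinks``, ``protected_hardlinks``, ``protected_fifos``, ``protected_regular`` and ``suid_dumpable`` settings documented above can be checked together, including the ``core_pattern`` condition that mode 2 of ``suid_dumpable`` depends on. The script below is an added example, not part of the kernel documentation; the verdict labels, the optional root-directory argument and the constructed sample tree (with its made-up handler path) are assumptions of the example.

```sh
#!/bin/sh
# Added example, not kernel code: audit the link, FIFO and core-dump
# sysctls documented above. Verdict labels are this example's own.

classify() {  # classify NAME VALUE [CORE_PATTERN] -> verdict on stdout
    case "$1:$2" in
        *:missing) echo missing ;;
        protected_symlinks:1|protected_hardlinks:1) echo ok ;;
        protected_fifos:[12]|protected_regular:[12]) echo ok ;;
        suid_dumpable:0) echo ok ;;
        suid_dumpable:2)
            # Mode 2 dumps privileged processes only when core_pattern is a
            # pipe handler or an absolute path; that destination must then
            # be one that handles privileged dumps with care.
            case "$3" in
                "|"*|/*) echo review ;;
                *)       echo ok ;;
            esac ;;
        *) echo weak ;;  # 0 for protected_*, 1 for suid_dumpable, or unknown
    esac
}

audit_fs_sysctls() {  # audit_fs_sysctls [SYSCTL_ROOT], default /proc/sys
    root=${1:-/proc/sys}
    core_pattern=$(cat "$root/kernel/core_pattern" 2>/dev/null) || core_pattern=
    for name in protected_symlinks protected_hardlinks protected_fifos \
                protected_regular suid_dumpable; do
        value=$(cat "$root/fs/$name" 2>/dev/null) || value=missing
        verdict=$(classify "$name" "$value" "$core_pattern")
        printf '%s %s %s\n' "$name" "$value" "$verdict"
    done
}

# Constructed sample tree (made-up values) so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/fs" "$demo/kernel"
echo 1 > "$demo/fs/protected_symlinks"
echo 0 > "$demo/fs/protected_hardlinks"
echo 2 > "$demo/fs/protected_fifos"
echo 2 > "$demo/fs/suid_dumpable"
echo '|/usr/local/bin/example-core-handler %p' > "$demo/kernel/core_pattern"
audit_fs_sysctls "$demo"   # protected_regular is absent, so "missing"
rm -rf "$demo"
```

Calling ``audit_fs_sysctls`` with no argument checks the live values under ``/proc/sys``.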