1 =============================== 1 ===============================
2 Documentation for /proc/sys/fs/ 2 Documentation for /proc/sys/fs/
3 =============================== 3 ===============================
4 4
>> 5 kernel version 2.2.10
>> 6
5 Copyright (c) 1998, 1999, Rik van Riel <riel@n 7 Copyright (c) 1998, 1999, Rik van Riel <riel@nl.linux.org>
6 8
7 Copyright (c) 2009, Shen Feng<shen@cn.fu 9 Copyright (c) 2009, Shen Feng<shen@cn.fujitsu.com>
8 10
9 For general info and legal blurb, please look 11 For general info and legal blurb, please look in intro.rst.
10 12
11 ---------------------------------------------- 13 ------------------------------------------------------------------------------
12 14
13 This file contains documentation for the sysct !! 15 This file contains documentation for the sysctl files in
14 in ``/proc/sys/fs/``. !! 16 /proc/sys/fs/ and is valid for Linux kernel version 2.2.
15 17
16 The files in this directory can be used to tun 18 The files in this directory can be used to tune and monitor
17 miscellaneous and general things in the operat 19 miscellaneous and general things in the operation of the Linux
18 kernel. Since some of the files *can* be used !! 20 kernel. Since some of the files _can_ be used to screw up your
19 system, it is advisable to read both documenta 21 system, it is advisable to read both documentation and source
20 before actually making adjustments. 22 before actually making adjustments.
21 23
22 1. /proc/sys/fs 24 1. /proc/sys/fs
23 =============== 25 ===============
24 26
25 Currently, these files might (depending on you !! 27 Currently, these files are in /proc/sys/fs:
26 show up in ``/proc/sys/fs``: <<
27 28
28 .. contents:: :local: !! 29 - aio-max-nr
>> 30 - aio-nr
>> 31 - dentry-state
>> 32 - dquot-max
>> 33 - dquot-nr
>> 34 - file-max
>> 35 - file-nr
>> 36 - inode-max
>> 37 - inode-nr
>> 38 - inode-state
>> 39 - nr_open
>> 40 - overflowuid
>> 41 - overflowgid
>> 42 - pipe-user-pages-hard
>> 43 - pipe-user-pages-soft
>> 44 - protected_fifos
>> 45 - protected_hardlinks
>> 46 - protected_regular
>> 47 - protected_symlinks
>> 48 - suid_dumpable
>> 49 - super-max
>> 50 - super-nr
29 51
30 52
31 aio-nr & aio-max-nr 53 aio-nr & aio-max-nr
32 ------------------- 54 -------------------
33 55
34 ``aio-nr`` shows the current system-wide numbe !! 56 aio-nr is the running total of the number of events specified on the
35 requests. ``aio-max-nr`` allows you to change !! 57 io_setup system call for all currently active aio contexts. If aio-nr
36 ``aio-nr`` can grow to. If ``aio-nr`` reaches !! 58 reaches aio-max-nr then io_setup will fail with EAGAIN. Note that
37 ``io_setup`` will fail with ``EAGAIN``. Note !! 59 raising aio-max-nr does not result in the pre-allocation or re-sizing
38 ``aio-max-nr`` does not result in the !! 60 of any kernel data structures.
39 pre-allocation or re-sizing of any kernel data <<
40 61
41 62
42 dentry-state 63 dentry-state
43 ------------ 64 ------------
44 65
45 This file shows the values in ``struct dentry_ !! 66 From linux/include/linux/dcache.h::
46 ``fs/dcache.c``:: <<
47 67
48 struct dentry_stat_t dentry_stat { 68 struct dentry_stat_t dentry_stat {
49 long nr_dentry; !! 69 int nr_dentry;
50 long nr_unused; !! 70 int nr_unused;
51 long age_limit; /* age in seco !! 71 int age_limit; /* age in seconds */
52 long want_pages; /* pages reque !! 72 int want_pages; /* pages requested by system */
53 long nr_negative; /* # of unused !! 73 int nr_negative; /* # of unused negative dentries */
54 long dummy; /* Reserved fo !! 74 int dummy; /* Reserved for future use */
55 }; 75 };
56 76
57 Dentries are dynamically allocated and dealloc 77 Dentries are dynamically allocated and deallocated.
58 78
59 ``nr_dentry`` shows the total number of dentri !! 79 nr_dentry shows the total number of dentries allocated (active
60 + unused). ``nr_unused shows`` the number of d !! 80 + unused). nr_unused shows the number of dentries that are not
61 actively used, but are saved in the LRU list f 81 actively used, but are saved in the LRU list for future reuse.
62 82
63 ``age_limit`` is the age in seconds after whic !! 83 Age_limit is the age in seconds after which dcache entries
64 can be reclaimed when memory is short and ``wa !! 84 can be reclaimed when memory is short and want_pages is
65 nonzero when ``shrink_dcache_pages()`` has bee !! 85 nonzero when shrink_dcache_pages() has been called and the
66 dcache isn't pruned yet. 86 dcache isn't pruned yet.
67 87
68 ``nr_negative`` shows the number of unused den !! 88 nr_negative shows the number of unused dentries that are also
69 negative dentries which do not map to any file 89 negative dentries which do not map to any files. Instead,
70 they help speeding up rejection of non-existin 90 they help speeding up rejection of non-existing files provided
71 by the users. 91 by the users.
72 92
73 93
>> 94 dquot-max & dquot-nr
>> 95 --------------------
>> 96
>> 97 The file dquot-max shows the maximum number of cached disk
>> 98 quota entries.
>> 99
>> 100 The file dquot-nr shows the number of allocated disk quota
>> 101 entries and the number of free disk quota entries.
>> 102
>> 103 If the number of free cached disk quotas is very low and
>> 104 you have some awesome number of simultaneous system users,
>> 105 you might want to raise the limit.
>> 106
>> 107
74 file-max & file-nr 108 file-max & file-nr
75 ------------------ 109 ------------------
76 110
77 The value in ``file-max`` denotes the maximum !! 111 The value in file-max denotes the maximum number of file-
78 handles that the Linux kernel will allocate. W 112 handles that the Linux kernel will allocate. When you get lots
79 of error messages about running out of file ha 113 of error messages about running out of file handles, you might
80 want to increase this limit. 114 want to increase this limit.
81 115
82 Historically,the kernel was able to allocate f 116 Historically,the kernel was able to allocate file handles
83 dynamically, but not to free them again. The t 117 dynamically, but not to free them again. The three values in
84 ``file-nr`` denote the number of allocated fil !! 118 file-nr denote the number of allocated file handles, the number
85 of allocated but unused file handles, and the 119 of allocated but unused file handles, and the maximum number of
86 file handles. Linux 2.6 and later always repor !! 120 file handles. Linux 2.6 always reports 0 as the number of free
87 file handles -- this is not an error, it just 121 file handles -- this is not an error, it just means that the
88 number of allocated file handles exactly match 122 number of allocated file handles exactly matches the number of
89 used file handles. 123 used file handles.
90 124
91 Attempts to allocate more file descriptors tha !! 125 Attempts to allocate more file descriptors than file-max are
92 reported with ``printk``, look for:: !! 126 reported with printk, look for "VFS: file-max limit <number>
>> 127 reached".
>> 128
93 129
94 VFS: file-max limit <number> reached !! 130 nr_open
>> 131 -------
95 132
96 in the kernel logs. !! 133 This denotes the maximum number of file-handles a process can
>> 134 allocate. Default value is 1024*1024 (1048576) which should be
>> 135 enough for most machines. Actual limit depends on RLIMIT_NOFILE
>> 136 resource limit.
97 137
98 138
99 inode-nr & inode-state !! 139 inode-max, inode-nr & inode-state
100 ---------------------- !! 140 ---------------------------------
101 141
102 As with file handles, the kernel allocates the 142 As with file handles, the kernel allocates the inode structures
103 dynamically, but can't free them yet. 143 dynamically, but can't free them yet.
104 144
105 The file ``inode-nr`` contains the first two i !! 145 The value in inode-max denotes the maximum number of inode
106 ``inode-state``, so we'll skip to that file... !! 146 handlers. This value should be 3-4 times larger than the value
107 !! 147 in file-max, since stdin, stdout and network sockets also
108 ``inode-state`` contains three actual numbers !! 148 need an inode struct to handle them. When you regularly run
109 The actual numbers are, in order of appearance !! 149 out of inodes, you need to increase this value.
110 ``nr_free_inodes`` and ``preshrink``. !! 150
111 !! 151 The file inode-nr contains the first two items from
112 ``nr_inodes`` stands for the number of inodes !! 152 inode-state, so we'll skip to that file...
113 allocated. !! 153
>> 154 Inode-state contains three actual numbers and four dummies.
>> 155 The actual numbers are, in order of appearance, nr_inodes,
>> 156 nr_free_inodes and preshrink.
>> 157
>> 158 Nr_inodes stands for the number of inodes the system has
>> 159 allocated, this can be slightly more than inode-max because
>> 160 Linux allocates them one pageful at a time.
114 161
115 ``nr_free_inodes`` represents the number of fr !! 162 Nr_free_inodes represents the number of free inodes (?) and
116 preshrink is nonzero when the !! 163 preshrink is nonzero when the nr_inodes > inode-max and the
117 system needs to prune the inode list instead o 164 system needs to prune the inode list instead of allocating
118 more. 165 more.
119 166
120 167
121 mount-max <<
122 --------- <<
123 <<
124 This denotes the maximum number of mounts that <<
125 in a mount namespace. <<
126 <<
127 <<
128 nr_open <<
129 ------- <<
130 <<
131 This denotes the maximum number of file-handle <<
132 allocate. Default value is 1024*1024 (1048576) <<
133 enough for most machines. Actual limit depends <<
134 resource limit. <<
135 <<
136 <<
137 overflowgid & overflowuid 168 overflowgid & overflowuid
138 ------------------------- 169 -------------------------
139 170
140 Some filesystems only support 16-bit UIDs and 171 Some filesystems only support 16-bit UIDs and GIDs, although in Linux
141 UIDs and GIDs are 32 bits. When one of these f 172 UIDs and GIDs are 32 bits. When one of these filesystems is mounted
142 with writes enabled, any UID or GID that would 173 with writes enabled, any UID or GID that would exceed 65535 is translated
143 to a fixed value before being written to disk. 174 to a fixed value before being written to disk.
144 175
145 These sysctls allow you to change the value of 176 These sysctls allow you to change the value of the fixed UID and GID.
146 The default is 65534. 177 The default is 65534.
147 178
148 179
149 pipe-user-pages-hard 180 pipe-user-pages-hard
150 -------------------- 181 --------------------
151 182
152 Maximum total number of pages a non-privileged 183 Maximum total number of pages a non-privileged user may allocate for pipes.
153 Once this limit is reached, no new pipes may b 184 Once this limit is reached, no new pipes may be allocated until usage goes
154 below the limit again. When set to 0, no limit 185 below the limit again. When set to 0, no limit is applied, which is the default
155 setting. 186 setting.
156 187
157 188
158 pipe-user-pages-soft 189 pipe-user-pages-soft
159 -------------------- 190 --------------------
160 191
161 Maximum total number of pages a non-privileged 192 Maximum total number of pages a non-privileged user may allocate for pipes
162 before the pipe size gets limited to a single 193 before the pipe size gets limited to a single page. Once this limit is reached,
163 new pipes will be limited to a single page in 194 new pipes will be limited to a single page in size for this user in order to
164 limit total memory usage, and trying to increa !! 195 limit total memory usage, and trying to increase them using fcntl() will be
165 denied until usage goes below the limit again. 196 denied until usage goes below the limit again. The default value allows to
166 allocate up to 1024 pipes at their default siz 197 allocate up to 1024 pipes at their default size. When set to 0, no limit is
167 applied. 198 applied.
168 199
169 200
170 protected_fifos 201 protected_fifos
171 --------------- 202 ---------------
172 203
173 The intent of this protection is to avoid unin 204 The intent of this protection is to avoid unintentional writes to
174 an attacker-controlled FIFO, where a program e 205 an attacker-controlled FIFO, where a program expected to create a regular
175 file. 206 file.
176 207
177 When set to "0", writing to FIFOs is unrestric 208 When set to "0", writing to FIFOs is unrestricted.
178 209
179 When set to "1" don't allow ``O_CREAT`` open o !! 210 When set to "1" don't allow O_CREAT open on FIFOs that we don't own
180 in world writable sticky directories, unless t 211 in world writable sticky directories, unless they are owned by the
181 owner of the directory. 212 owner of the directory.
182 213
183 When set to "2" it also applies to group writa 214 When set to "2" it also applies to group writable sticky directories.
184 215
185 This protection is based on the restrictions i 216 This protection is based on the restrictions in Openwall.
186 217
187 218
188 protected_hardlinks 219 protected_hardlinks
189 -------------------- 220 --------------------
190 221
191 A long-standing class of security issues is th 222 A long-standing class of security issues is the hardlink-based
192 time-of-check-time-of-use race, most commonly 223 time-of-check-time-of-use race, most commonly seen in world-writable
193 directories like ``/tmp``. The common method o !! 224 directories like /tmp. The common method of exploitation of this flaw
194 is to cross privilege boundaries when followin 225 is to cross privilege boundaries when following a given hardlink (i.e. a
195 root process follows a hardlink created by ano 226 root process follows a hardlink created by another user). Additionally,
196 on systems without separated partitions, this 227 on systems without separated partitions, this stops unauthorized users
197 from "pinning" vulnerable setuid/setgid files 228 from "pinning" vulnerable setuid/setgid files against being upgraded by
198 the administrator, or linking to special files 229 the administrator, or linking to special files.
199 230
200 When set to "0", hardlink creation behavior is 231 When set to "0", hardlink creation behavior is unrestricted.
201 232
202 When set to "1" hardlinks cannot be created by 233 When set to "1" hardlinks cannot be created by users if they do not
203 already own the source file, or do not have re 234 already own the source file, or do not have read/write access to it.
204 235
205 This protection is based on the restrictions i 236 This protection is based on the restrictions in Openwall and grsecurity.
206 237
207 238
208 protected_regular 239 protected_regular
209 ----------------- 240 -----------------
210 241
211 This protection is similar to `protected_fifos !! 242 This protection is similar to protected_fifos, but it
212 avoids writes to an attacker-controlled regula 243 avoids writes to an attacker-controlled regular file, where a program
213 expected to create one. 244 expected to create one.
214 245
215 When set to "0", writing to regular files is u 246 When set to "0", writing to regular files is unrestricted.
216 247
217 When set to "1" don't allow ``O_CREAT`` open o !! 248 When set to "1" don't allow O_CREAT open on regular files that we
218 don't own in world writable sticky directories 249 don't own in world writable sticky directories, unless they are
219 owned by the owner of the directory. 250 owned by the owner of the directory.
220 251
221 When set to "2" it also applies to group writa 252 When set to "2" it also applies to group writable sticky directories.
222 253
223 254
224 protected_symlinks 255 protected_symlinks
225 ------------------ 256 ------------------
226 257
227 A long-standing class of security issues is th 258 A long-standing class of security issues is the symlink-based
228 time-of-check-time-of-use race, most commonly 259 time-of-check-time-of-use race, most commonly seen in world-writable
229 directories like ``/tmp``. The common method o !! 260 directories like /tmp. The common method of exploitation of this flaw
230 is to cross privilege boundaries when followin 261 is to cross privilege boundaries when following a given symlink (i.e. a
231 root process follows a symlink belonging to an 262 root process follows a symlink belonging to another user). For a likely
232 incomplete list of hundreds of examples across 263 incomplete list of hundreds of examples across the years, please see:
233 https://cve.mitre.org/cgi-bin/cvekey.cgi?keywo 264 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
234 265
235 When set to "0", symlink following behavior is 266 When set to "0", symlink following behavior is unrestricted.
236 267
237 When set to "1" symlinks are permitted to be f 268 When set to "1" symlinks are permitted to be followed only when outside
238 a sticky world-writable directory, or when the 269 a sticky world-writable directory, or when the uid of the symlink and
239 follower match, or when the directory owner ma 270 follower match, or when the directory owner matches the symlink's owner.
240 271
241 This protection is based on the restrictions i 272 This protection is based on the restrictions in Openwall and grsecurity.
242 273
243 274
244 suid_dumpable !! 275 suid_dumpable:
245 ------------- !! 276 --------------
246 277
247 This value can be used to query and set the co 278 This value can be used to query and set the core dump mode for setuid
248 or otherwise protected/tainted binaries. The m 279 or otherwise protected/tainted binaries. The modes are
249 280
250 = ========== ============================== 281 = ========== ===============================================================
251 0 (default) Traditional behaviour. Any pro !! 282 0 (default) traditional behaviour. Any process which has changed
252 privilege levels or is execute 283 privilege levels or is execute only will not be dumped.
253 1 (debug) All processes dump core when p !! 284 1 (debug) all processes dump core when possible. The core dump is
254 owned by the current user and 285 owned by the current user and no security is applied. This is
255 intended for system debugging 286 intended for system debugging situations only.
256 Ptrace is unchecked. 287 Ptrace is unchecked.
257 This is insecure as it allows 288 This is insecure as it allows regular users to examine the
258 memory contents of privileged 289 memory contents of privileged processes.
259 2 (suidsafe) Any binary which normally woul !! 290 2 (suidsafe) any binary which normally would not be dumped is dumped
260 anyway, but only if the ``core !! 291 anyway, but only if the "core_pattern" kernel sysctl is set to
261 :ref:`Documentation/admin-guid <<
262 is set to <<
263 either a pipe handler or a ful 292 either a pipe handler or a fully qualified path. (For more
264 details on this limitation, se 293 details on this limitation, see CVE-2006-2451.) This mode is
265 appropriate when administrator 294 appropriate when administrators are attempting to debug
266 problems in a normal environme 295 problems in a normal environment, and either have a core dump
267 pipe handler that knows to tre 296 pipe handler that knows to treat privileged core dumps with
268 care, or specific directory de 297 care, or specific directory defined for catching core dumps.
269 If a core dump happens without 298 If a core dump happens without a pipe handler or fully
270 qualified path, a message will 299 qualified path, a message will be emitted to syslog warning
271 about the lack of a correct se 300 about the lack of a correct setting.
272 = ========== ============================== 301 = ========== ===============================================================
273 302
274 303
>> 304 super-max & super-nr
>> 305 --------------------
>> 306
>> 307 These numbers control the maximum number of superblocks, and
>> 308 thus the maximum number of mounted filesystems the kernel
>> 309 can have. You only need to increase super-max if you need to
>> 310 mount more filesystems than the current value in super-max
>> 311 allows you to.
>> 312
>> 313
>> 314 aio-nr & aio-max-nr
>> 315 -------------------
>> 316
>> 317 aio-nr shows the current system-wide number of asynchronous io
>> 318 requests. aio-max-nr allows you to change the maximum value
>> 319 aio-nr can grow to.
>> 320
>> 321
>> 322 mount-max
>> 323 ---------
>> 324
>> 325 This denotes the maximum number of mounts that may exist
>> 326 in a mount namespace.
>> 327
>> 328
275 329
276 2. /proc/sys/fs/binfmt_misc 330 2. /proc/sys/fs/binfmt_misc
277 =========================== 331 ===========================
278 332
279 Documentation for the files in ``/proc/sys/fs/ !! 333 Documentation for the files in /proc/sys/fs/binfmt_misc is
280 in Documentation/admin-guide/binfmt-misc.rst. 334 in Documentation/admin-guide/binfmt-misc.rst.
281 335
282 336
283 3. /proc/sys/fs/mqueue - POSIX message queues 337 3. /proc/sys/fs/mqueue - POSIX message queues filesystem
284 ============================================== 338 ========================================================
285 339
286 340
287 The "mqueue" filesystem provides the necessa 341 The "mqueue" filesystem provides the necessary kernel features to enable the
288 creation of a user space library that imple 342 creation of a user space library that implements the POSIX message queues
289 API (as noted by the MSG tag in the POSIX 10 343 API (as noted by the MSG tag in the POSIX 1003.1-2001 version of the System
290 Interfaces specification.) 344 Interfaces specification.)
291 345
292 The "mqueue" filesystem contains values for de !! 346 The "mqueue" filesystem contains values for determining/setting the amount of
293 amount of resources used by the file system. !! 347 resources used by the file system.
>> 348
>> 349 /proc/sys/fs/mqueue/queues_max is a read/write file for setting/getting the
>> 350 maximum number of message queues allowed on the system.
294 351
295 ``/proc/sys/fs/mqueue/queues_max`` is a read/w !! 352 /proc/sys/fs/mqueue/msg_max is a read/write file for setting/getting the
296 setting/getting the maximum number of message !! 353 maximum number of messages in a queue value. In fact it is the limiting value
297 system. !! 354 for another (user) limit which is set in mq_open invocation. This attribute of
298 !! 355 a queue must be less or equal then msg_max.
299 ``/proc/sys/fs/mqueue/msg_max`` is a read/writ !! 356
300 setting/getting the maximum number of messages !! 357 /proc/sys/fs/mqueue/msgsize_max is a read/write file for setting/getting the
301 fact it is the limiting value for another (use !! 358 maximum message size value (it is every message queue's attribute set during
302 ``mq_open`` invocation. This attribute of a q !! 359 its creation).
303 or equal to ``msg_max``. !! 360
304 !! 361 /proc/sys/fs/mqueue/msg_default is a read/write file for setting/getting the
305 ``/proc/sys/fs/mqueue/msgsize_max`` is a read/ !! 362 default number of messages in a queue value if attr parameter of mq_open(2) is
306 setting/getting the maximum message size value !! 363 NULL. If it exceed msg_max, the default value is initialized msg_max.
307 every message queue, set during its creation). !! 364
308 !! 365 /proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting
309 ``/proc/sys/fs/mqueue/msg_default`` is a read/ !! 366 the default message size value if attr parameter of mq_open(2) is NULL. If it
310 setting/getting the default number of messages !! 367 exceed msgsize_max, the default value is initialized msgsize_max.
311 ``attr`` parameter of ``mq_open(2)`` is ``NULL <<
312 ``msg_max``, the default value is initialized <<
313 <<
314 ``/proc/sys/fs/mqueue/msgsize_default`` is a r <<
315 setting/getting the default message size value <<
316 parameter of ``mq_open(2)`` is ``NULL``. If it <<
317 ``msgsize_max``, the default value is initiali <<
318 368
319 4. /proc/sys/fs/epoll - Configuration options 369 4. /proc/sys/fs/epoll - Configuration options for the epoll interface
320 ============================================== 370 =====================================================================
321 371
322 This directory contains configuration options 372 This directory contains configuration options for the epoll(7) interface.
323 373
324 max_user_watches 374 max_user_watches
325 ---------------- 375 ----------------
326 376
327 Every epoll file descriptor can store a number 377 Every epoll file descriptor can store a number of files to be monitored
328 for event readiness. Each one of these monitor 378 for event readiness. Each one of these monitored files constitutes a "watch".
329 This configuration option sets the maximum num 379 This configuration option sets the maximum number of "watches" that are
330 allowed for each user. 380 allowed for each user.
331 Each "watch" costs roughly 90 bytes on a 32-bi !! 381 Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes
332 on a 64-bit one. !! 382 on a 64bit one.
333 The current default value for ``max_user_watch !! 383 The current default value for max_user_watches is the 1/32 of the available
334 available low memory, divided by the "watch" c !! 384 low memory, divided for the "watch" cost in bytes.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.