1 ===============================
2 Documentation for /proc/sys/fs/
3 ===============================
4
5 Copyright (c) 1998, 1999, Rik van Riel <riel@n
6
7 Copyright (c) 2009, Shen Feng<shen@cn.fu
8
9 For general info and legal blurb, please look
10
11 ----------------------------------------------
12
13 This file contains documentation for the sysct
14 in ``/proc/sys/fs/``.
15
16 The files in this directory can be used to tun
17 miscellaneous and general things in the operat
18 kernel. Since some of the files *can* be used
19 system, it is advisable to read both documenta
20 before actually making adjustments.
21
22 1. /proc/sys/fs
23 ===============
24
25 Currently, these files might (depending on you
26 show up in ``/proc/sys/fs``:
27
28 .. contents:: :local:
29
30
31 aio-nr & aio-max-nr
32 -------------------
33
34 ``aio-nr`` shows the current system-wide numbe
35 requests. ``aio-max-nr`` allows you to change
36 ``aio-nr`` can grow to. If ``aio-nr`` reaches
37 ``io_setup`` will fail with ``EAGAIN``. Note
38 ``aio-max-nr`` does not result in the
39 pre-allocation or re-sizing of any kernel data
40
41
42 dentry-state
43 ------------
44
45 This file shows the values in ``struct dentry_
46 ``fs/dcache.c``::
47
48 struct dentry_stat_t dentry_stat {
49 long nr_dentry;
50 long nr_unused;
51 long age_limit; /* age in seco
52 long want_pages; /* pages reque
53 long nr_negative; /* # of unused
54 long dummy; /* Reserved fo
55 };
56
57 Dentries are dynamically allocated and dealloc
58
59 ``nr_dentry`` shows the total number of dentri
60 + unused). ``nr_unused shows`` the number of d
61 actively used, but are saved in the LRU list f
62
63 ``age_limit`` is the age in seconds after whic
64 can be reclaimed when memory is short and ``wa
65 nonzero when ``shrink_dcache_pages()`` has bee
66 dcache isn't pruned yet.
67
68 ``nr_negative`` shows the number of unused den
69 negative dentries which do not map to any file
70 they help speeding up rejection of non-existin
71 by the users.
72
73
74 file-max & file-nr
75 ------------------
76
77 The value in ``file-max`` denotes the maximum
78 handles that the Linux kernel will allocate. W
79 of error messages about running out of file ha
80 want to increase this limit.
81
82 Historically,the kernel was able to allocate f
83 dynamically, but not to free them again. The t
84 ``file-nr`` denote the number of allocated fil
85 of allocated but unused file handles, and the
86 file handles. Linux 2.6 and later always repor
87 file handles -- this is not an error, it just
88 number of allocated file handles exactly match
89 used file handles.
90
91 Attempts to allocate more file descriptors tha
92 reported with ``printk``, look for::
93
94 VFS: file-max limit <number> reached
95
96 in the kernel logs.
97
98
99 inode-nr & inode-state
100 ----------------------
101
102 As with file handles, the kernel allocates the
103 dynamically, but can't free them yet.
104
105 The file ``inode-nr`` contains the first two i
106 ``inode-state``, so we'll skip to that file...
107
108 ``inode-state`` contains three actual numbers
109 The actual numbers are, in order of appearance
110 ``nr_free_inodes`` and ``preshrink``.
111
112 ``nr_inodes`` stands for the number of inodes
113 allocated.
114
115 ``nr_free_inodes`` represents the number of fr
116 preshrink is nonzero when the
117 system needs to prune the inode list instead o
118 more.
119
120
121 mount-max
122 ---------
123
124 This denotes the maximum number of mounts that
125 in a mount namespace.
126
127
128 nr_open
129 -------
130
131 This denotes the maximum number of file-handle
132 allocate. Default value is 1024*1024 (1048576)
133 enough for most machines. Actual limit depends
134 resource limit.
135
136
137 overflowgid & overflowuid
138 -------------------------
139
140 Some filesystems only support 16-bit UIDs and
141 UIDs and GIDs are 32 bits. When one of these f
142 with writes enabled, any UID or GID that would
143 to a fixed value before being written to disk.
144
145 These sysctls allow you to change the value of
146 The default is 65534.
147
148
149 pipe-user-pages-hard
150 --------------------
151
152 Maximum total number of pages a non-privileged
153 Once this limit is reached, no new pipes may b
154 below the limit again. When set to 0, no limit
155 setting.
156
157
158 pipe-user-pages-soft
159 --------------------
160
161 Maximum total number of pages a non-privileged
162 before the pipe size gets limited to a single
163 new pipes will be limited to a single page in
164 limit total memory usage, and trying to increa
165 denied until usage goes below the limit again.
166 allocate up to 1024 pipes at their default siz
167 applied.
168
169
170 protected_fifos
171 ---------------
172
173 The intent of this protection is to avoid unin
174 an attacker-controlled FIFO, where a program e
175 file.
176
177 When set to "0", writing to FIFOs is unrestric
178
179 When set to "1" don't allow ``O_CREAT`` open o
180 in world writable sticky directories, unless t
181 owner of the directory.
182
183 When set to "2" it also applies to group writa
184
185 This protection is based on the restrictions i
186
187
188 protected_hardlinks
189 --------------------
190
191 A long-standing class of security issues is th
192 time-of-check-time-of-use race, most commonly
193 directories like ``/tmp``. The common method o
194 is to cross privilege boundaries when followin
195 root process follows a hardlink created by ano
196 on systems without separated partitions, this
197 from "pinning" vulnerable setuid/setgid files
198 the administrator, or linking to special files
199
200 When set to "0", hardlink creation behavior is
201
202 When set to "1" hardlinks cannot be created by
203 already own the source file, or do not have re
204
205 This protection is based on the restrictions i
206
207
208 protected_regular
209 -----------------
210
211 This protection is similar to `protected_fifos
212 avoids writes to an attacker-controlled regula
213 expected to create one.
214
215 When set to "0", writing to regular files is u
216
217 When set to "1" don't allow ``O_CREAT`` open o
218 don't own in world writable sticky directories
219 owned by the owner of the directory.
220
221 When set to "2" it also applies to group writa
222
223
224 protected_symlinks
225 ------------------
226
227 A long-standing class of security issues is th
228 time-of-check-time-of-use race, most commonly
229 directories like ``/tmp``. The common method o
230 is to cross privilege boundaries when followin
231 root process follows a symlink belonging to an
232 incomplete list of hundreds of examples across
233 https://cve.mitre.org/cgi-bin/cvekey.cgi?keywo
234
235 When set to "0", symlink following behavior is
236
237 When set to "1" symlinks are permitted to be f
238 a sticky world-writable directory, or when the
239 follower match, or when the directory owner ma
240
241 This protection is based on the restrictions i
242
243
244 suid_dumpable
245 -------------
246
247 This value can be used to query and set the co
248 or otherwise protected/tainted binaries. The m
249
250 = ========== ==============================
251 0 (default) Traditional behaviour. Any pro
252 privilege levels or is execute
253 1 (debug) All processes dump core when p
254 owned by the current user and
255 intended for system debugging
256 Ptrace is unchecked.
257 This is insecure as it allows
258 memory contents of privileged
259 2 (suidsafe) Any binary which normally woul
260 anyway, but only if the ``core
261 :ref:`Documentation/admin-guid
262 is set to
263 either a pipe handler or a ful
264 details on this limitation, se
265 appropriate when administrator
266 problems in a normal environme
267 pipe handler that knows to tre
268 care, or specific directory de
269 If a core dump happens without
270 qualified path, a message will
271 about the lack of a correct se
272 = ========== ==============================
273
274
275
276 2. /proc/sys/fs/binfmt_misc
277 ===========================
278
279 Documentation for the files in ``/proc/sys/fs/
280 in Documentation/admin-guide/binfmt-misc.rst.
281
282
283 3. /proc/sys/fs/mqueue - POSIX message queues
284 ==============================================
285
286
287 The "mqueue" filesystem provides the necessa
288 creation of a user space library that imple
289 API (as noted by the MSG tag in the POSIX 10
290 Interfaces specification.)
291
292 The "mqueue" filesystem contains values for de
293 amount of resources used by the file system.
294
295 ``/proc/sys/fs/mqueue/queues_max`` is a read/w
296 setting/getting the maximum number of message
297 system.
298
299 ``/proc/sys/fs/mqueue/msg_max`` is a read/writ
300 setting/getting the maximum number of messages
301 fact it is the limiting value for another (use
302 ``mq_open`` invocation. This attribute of a q
303 or equal to ``msg_max``.
304
305 ``/proc/sys/fs/mqueue/msgsize_max`` is a read/
306 setting/getting the maximum message size value
307 every message queue, set during its creation).
308
309 ``/proc/sys/fs/mqueue/msg_default`` is a read/
310 setting/getting the default number of messages
311 ``attr`` parameter of ``mq_open(2)`` is ``NULL
312 ``msg_max``, the default value is initialized
313
314 ``/proc/sys/fs/mqueue/msgsize_default`` is a r
315 setting/getting the default message size value
316 parameter of ``mq_open(2)`` is ``NULL``. If it
317 ``msgsize_max``, the default value is initiali
318
319 4. /proc/sys/fs/epoll - Configuration options
320 ==============================================
321
322 This directory contains configuration options
323
324 max_user_watches
325 ----------------
326
327 Every epoll file descriptor can store a number
328 for event readiness. Each one of these monitor
329 This configuration option sets the maximum num
330 allowed for each user.
331 Each "watch" costs roughly 90 bytes on a 32-bi
332 on a 64-bit one.
333 The current default value for ``max_user_watch
334 available low memory, divided by the "watch" c
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.