1 =============================== 1 =============================== 2 Documentation for /proc/sys/fs/ 2 Documentation for /proc/sys/fs/ 3 =============================== 3 =============================== 4 4 >> 5 kernel version 2.2.10 >> 6 5 Copyright (c) 1998, 1999, Rik van Riel <riel@n 7 Copyright (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> 6 8 7 Copyright (c) 2009, Shen Feng<shen@cn.fu 9 Copyright (c) 2009, Shen Feng<shen@cn.fujitsu.com> 8 10 9 For general info and legal blurb, please look 11 For general info and legal blurb, please look in intro.rst. 10 12 11 ---------------------------------------------- 13 ------------------------------------------------------------------------------ 12 14 13 This file contains documentation for the sysct !! 15 This file contains documentation for the sysctl files in 14 in ``/proc/sys/fs/``. !! 16 /proc/sys/fs/ and is valid for Linux kernel version 2.2. 15 17 16 The files in this directory can be used to tun 18 The files in this directory can be used to tune and monitor 17 miscellaneous and general things in the operat 19 miscellaneous and general things in the operation of the Linux 18 kernel. Since some of the files *can* be used !! 20 kernel. Since some of the files _can_ be used to screw up your 19 system, it is advisable to read both documenta 21 system, it is advisable to read both documentation and source 20 before actually making adjustments. 22 before actually making adjustments. 21 23 22 1. /proc/sys/fs 24 1. /proc/sys/fs 23 =============== 25 =============== 24 26 25 Currently, these files might (depending on you !! 27 Currently, these files are in /proc/sys/fs: 26 show up in ``/proc/sys/fs``: << 27 28 28 .. contents:: :local: !! 29 - aio-max-nr >> 30 - aio-nr >> 31 - dentry-state >> 32 - dquot-max >> 33 - dquot-nr >> 34 - file-max >> 35 - file-nr >> 36 - inode-max >> 37 - inode-nr >> 38 - inode-state >> 39 - nr_open >> 40 - overflowuid >> 41 - overflowgid >> 42 - pipe-user-pages-hard >> 43 - pipe-user-pages-soft >> 44 - protected_fifos >> 45 - protected_hardlinks >> 46 - protected_regular >> 47 - protected_symlinks >> 48 - suid_dumpable >> 49 - super-max >> 50 - super-nr 29 51 30 52 31 aio-nr & aio-max-nr 53 aio-nr & aio-max-nr 32 ------------------- 54 ------------------- 33 55 34 ``aio-nr`` shows the current system-wide numbe !! 56 aio-nr is the running total of the number of events specified on the 35 requests. ``aio-max-nr`` allows you to change !! 57 io_setup system call for all currently active aio contexts. If aio-nr 36 ``aio-nr`` can grow to. If ``aio-nr`` reaches !! 58 reaches aio-max-nr then io_setup will fail with EAGAIN. Note that 37 ``io_setup`` will fail with ``EAGAIN``. Note !! 59 raising aio-max-nr does not result in the pre-allocation or re-sizing 38 ``aio-max-nr`` does not result in the !! 60 of any kernel data structures. 39 pre-allocation or re-sizing of any kernel data << 40 61 41 62 42 dentry-state 63 dentry-state 43 ------------ 64 ------------ 44 65 45 This file shows the values in ``struct dentry_ !! 66 From linux/include/linux/dcache.h:: 46 ``fs/dcache.c``:: << 47 67 48 struct dentry_stat_t dentry_stat { 68 struct dentry_stat_t dentry_stat { 49 long nr_dentry; !! 69 int nr_dentry; 50 long nr_unused; !! 70 int nr_unused; 51 long age_limit; /* age in seco !! 71 int age_limit; /* age in seconds */ 52 long want_pages; /* pages reque !! 72 int want_pages; /* pages requested by system */ 53 long nr_negative; /* # of unused !! 73 int nr_negative; /* # of unused negative dentries */ 54 long dummy; /* Reserved fo !! 74 int dummy; /* Reserved for future use */ 55 }; 75 }; 56 76 57 Dentries are dynamically allocated and dealloc 77 Dentries are dynamically allocated and deallocated. 58 78 59 ``nr_dentry`` shows the total number of dentri !! 79 nr_dentry shows the total number of dentries allocated (active 60 + unused). ``nr_unused shows`` the number of d !! 80 + unused). nr_unused shows the number of dentries that are not 61 actively used, but are saved in the LRU list f 81 actively used, but are saved in the LRU list for future reuse. 62 82 63 ``age_limit`` is the age in seconds after whic !! 83 Age_limit is the age in seconds after which dcache entries 64 can be reclaimed when memory is short and ``wa !! 84 can be reclaimed when memory is short and want_pages is 65 nonzero when ``shrink_dcache_pages()`` has bee !! 85 nonzero when shrink_dcache_pages() has been called and the 66 dcache isn't pruned yet. 86 dcache isn't pruned yet. 67 87 68 ``nr_negative`` shows the number of unused den !! 88 nr_negative shows the number of unused dentries that are also 69 negative dentries which do not map to any file 89 negative dentries which do not map to any files. Instead, 70 they help speeding up rejection of non-existin 90 they help speeding up rejection of non-existing files provided 71 by the users. 91 by the users. 72 92 73 93 >> 94 dquot-max & dquot-nr >> 95 -------------------- >> 96 >> 97 The file dquot-max shows the maximum number of cached disk >> 98 quota entries. >> 99 >> 100 The file dquot-nr shows the number of allocated disk quota >> 101 entries and the number of free disk quota entries. >> 102 >> 103 If the number of free cached disk quotas is very low and >> 104 you have some awesome number of simultaneous system users, >> 105 you might want to raise the limit. >> 106 >> 107 74 file-max & file-nr 108 file-max & file-nr 75 ------------------ 109 ------------------ 76 110 77 The value in ``file-max`` denotes the maximum !! 111 The value in file-max denotes the maximum number of file- 78 handles that the Linux kernel will allocate. W 112 handles that the Linux kernel will allocate. When you get lots 79 of error messages about running out of file ha 113 of error messages about running out of file handles, you might 80 want to increase this limit. 114 want to increase this limit. 81 115 82 Historically,the kernel was able to allocate f 116 Historically,the kernel was able to allocate file handles 83 dynamically, but not to free them again. The t 117 dynamically, but not to free them again. The three values in 84 ``file-nr`` denote the number of allocated fil !! 118 file-nr denote the number of allocated file handles, the number 85 of allocated but unused file handles, and the 119 of allocated but unused file handles, and the maximum number of 86 file handles. Linux 2.6 and later always repor !! 120 file handles. Linux 2.6 always reports 0 as the number of free 87 file handles -- this is not an error, it just 121 file handles -- this is not an error, it just means that the 88 number of allocated file handles exactly match 122 number of allocated file handles exactly matches the number of 89 used file handles. 123 used file handles. 90 124 91 Attempts to allocate more file descriptors tha !! 125 Attempts to allocate more file descriptors than file-max are 92 reported with ``printk``, look for:: !! 126 reported with printk, look for "VFS: file-max limit <number> >> 127 reached". >> 128 93 129 94 VFS: file-max limit <number> reached !! 130 nr_open >> 131 ------- 95 132 96 in the kernel logs. !! 133 This denotes the maximum number of file-handles a process can >> 134 allocate. Default value is 1024*1024 (1048576) which should be >> 135 enough for most machines. Actual limit depends on RLIMIT_NOFILE >> 136 resource limit. 97 137 98 138 99 inode-nr & inode-state !! 139 inode-max, inode-nr & inode-state 100 ---------------------- !! 140 --------------------------------- 101 141 102 As with file handles, the kernel allocates the 142 As with file handles, the kernel allocates the inode structures 103 dynamically, but can't free them yet. 143 dynamically, but can't free them yet. 104 144 105 The file ``inode-nr`` contains the first two i !! 145 The value in inode-max denotes the maximum number of inode 106 ``inode-state``, so we'll skip to that file... !! 146 handlers. This value should be 3-4 times larger than the value 107 !! 147 in file-max, since stdin, stdout and network sockets also 108 ``inode-state`` contains three actual numbers !! 148 need an inode struct to handle them. When you regularly run 109 The actual numbers are, in order of appearance !! 149 out of inodes, you need to increase this value. 110 ``nr_free_inodes`` and ``preshrink``. !! 150 111 !! 151 The file inode-nr contains the first two items from 112 ``nr_inodes`` stands for the number of inodes !! 152 inode-state, so we'll skip to that file... 113 allocated. !! 153 >> 154 Inode-state contains three actual numbers and four dummies. >> 155 The actual numbers are, in order of appearance, nr_inodes, >> 156 nr_free_inodes and preshrink. >> 157 >> 158 Nr_inodes stands for the number of inodes the system has >> 159 allocated, this can be slightly more than inode-max because >> 160 Linux allocates them one pageful at a time. 114 161 115 ``nr_free_inodes`` represents the number of fr !! 162 Nr_free_inodes represents the number of free inodes (?) and 116 preshrink is nonzero when the !! 163 preshrink is nonzero when the nr_inodes > inode-max and the 117 system needs to prune the inode list instead o 164 system needs to prune the inode list instead of allocating 118 more. 165 more. 119 166 120 167 121 mount-max << 122 --------- << 123 << 124 This denotes the maximum number of mounts that << 125 in a mount namespace. << 126 << 127 << 128 nr_open << 129 ------- << 130 << 131 This denotes the maximum number of file-handle << 132 allocate. Default value is 1024*1024 (1048576) << 133 enough for most machines. Actual limit depends << 134 resource limit. << 135 << 136 << 137 overflowgid & overflowuid 168 overflowgid & overflowuid 138 ------------------------- 169 ------------------------- 139 170 140 Some filesystems only support 16-bit UIDs and 171 Some filesystems only support 16-bit UIDs and GIDs, although in Linux 141 UIDs and GIDs are 32 bits. When one of these f 172 UIDs and GIDs are 32 bits. When one of these filesystems is mounted 142 with writes enabled, any UID or GID that would 173 with writes enabled, any UID or GID that would exceed 65535 is translated 143 to a fixed value before being written to disk. 174 to a fixed value before being written to disk. 144 175 145 These sysctls allow you to change the value of 176 These sysctls allow you to change the value of the fixed UID and GID. 146 The default is 65534. 177 The default is 65534. 147 178 148 179 149 pipe-user-pages-hard 180 pipe-user-pages-hard 150 -------------------- 181 -------------------- 151 182 152 Maximum total number of pages a non-privileged 183 Maximum total number of pages a non-privileged user may allocate for pipes. 153 Once this limit is reached, no new pipes may b 184 Once this limit is reached, no new pipes may be allocated until usage goes 154 below the limit again. When set to 0, no limit 185 below the limit again. When set to 0, no limit is applied, which is the default 155 setting. 186 setting. 156 187 157 188 158 pipe-user-pages-soft 189 pipe-user-pages-soft 159 -------------------- 190 -------------------- 160 191 161 Maximum total number of pages a non-privileged 192 Maximum total number of pages a non-privileged user may allocate for pipes 162 before the pipe size gets limited to a single 193 before the pipe size gets limited to a single page. Once this limit is reached, 163 new pipes will be limited to a single page in 194 new pipes will be limited to a single page in size for this user in order to 164 limit total memory usage, and trying to increa !! 195 limit total memory usage, and trying to increase them using fcntl() will be 165 denied until usage goes below the limit again. 196 denied until usage goes below the limit again. The default value allows to 166 allocate up to 1024 pipes at their default siz 197 allocate up to 1024 pipes at their default size. When set to 0, no limit is 167 applied. 198 applied. 168 199 169 200 170 protected_fifos 201 protected_fifos 171 --------------- 202 --------------- 172 203 173 The intent of this protection is to avoid unin 204 The intent of this protection is to avoid unintentional writes to 174 an attacker-controlled FIFO, where a program e 205 an attacker-controlled FIFO, where a program expected to create a regular 175 file. 206 file. 176 207 177 When set to "0", writing to FIFOs is unrestric 208 When set to "0", writing to FIFOs is unrestricted. 178 209 179 When set to "1" don't allow ``O_CREAT`` open o !! 210 When set to "1" don't allow O_CREAT open on FIFOs that we don't own 180 in world writable sticky directories, unless t 211 in world writable sticky directories, unless they are owned by the 181 owner of the directory. 212 owner of the directory. 182 213 183 When set to "2" it also applies to group writa 214 When set to "2" it also applies to group writable sticky directories. 184 215 185 This protection is based on the restrictions i 216 This protection is based on the restrictions in Openwall. 186 217 187 218 188 protected_hardlinks 219 protected_hardlinks 189 -------------------- 220 -------------------- 190 221 191 A long-standing class of security issues is th 222 A long-standing class of security issues is the hardlink-based 192 time-of-check-time-of-use race, most commonly 223 time-of-check-time-of-use race, most commonly seen in world-writable 193 directories like ``/tmp``. The common method o !! 224 directories like /tmp. The common method of exploitation of this flaw 194 is to cross privilege boundaries when followin 225 is to cross privilege boundaries when following a given hardlink (i.e. a 195 root process follows a hardlink created by ano 226 root process follows a hardlink created by another user). Additionally, 196 on systems without separated partitions, this 227 on systems without separated partitions, this stops unauthorized users 197 from "pinning" vulnerable setuid/setgid files 228 from "pinning" vulnerable setuid/setgid files against being upgraded by 198 the administrator, or linking to special files 229 the administrator, or linking to special files. 199 230 200 When set to "0", hardlink creation behavior is 231 When set to "0", hardlink creation behavior is unrestricted. 201 232 202 When set to "1" hardlinks cannot be created by 233 When set to "1" hardlinks cannot be created by users if they do not 203 already own the source file, or do not have re 234 already own the source file, or do not have read/write access to it. 204 235 205 This protection is based on the restrictions i 236 This protection is based on the restrictions in Openwall and grsecurity. 206 237 207 238 208 protected_regular 239 protected_regular 209 ----------------- 240 ----------------- 210 241 211 This protection is similar to `protected_fifos !! 242 This protection is similar to protected_fifos, but it 212 avoids writes to an attacker-controlled regula 243 avoids writes to an attacker-controlled regular file, where a program 213 expected to create one. 244 expected to create one. 214 245 215 When set to "0", writing to regular files is u 246 When set to "0", writing to regular files is unrestricted. 216 247 217 When set to "1" don't allow ``O_CREAT`` open o !! 248 When set to "1" don't allow O_CREAT open on regular files that we 218 don't own in world writable sticky directories 249 don't own in world writable sticky directories, unless they are 219 owned by the owner of the directory. 250 owned by the owner of the directory. 220 251 221 When set to "2" it also applies to group writa 252 When set to "2" it also applies to group writable sticky directories. 222 253 223 254 224 protected_symlinks 255 protected_symlinks 225 ------------------ 256 ------------------ 226 257 227 A long-standing class of security issues is th 258 A long-standing class of security issues is the symlink-based 228 time-of-check-time-of-use race, most commonly 259 time-of-check-time-of-use race, most commonly seen in world-writable 229 directories like ``/tmp``. The common method o !! 260 directories like /tmp. The common method of exploitation of this flaw 230 is to cross privilege boundaries when followin 261 is to cross privilege boundaries when following a given symlink (i.e. a 231 root process follows a symlink belonging to an 262 root process follows a symlink belonging to another user). For a likely 232 incomplete list of hundreds of examples across 263 incomplete list of hundreds of examples across the years, please see: 233 https://cve.mitre.org/cgi-bin/cvekey.cgi?keywo 264 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp 234 265 235 When set to "0", symlink following behavior is 266 When set to "0", symlink following behavior is unrestricted. 236 267 237 When set to "1" symlinks are permitted to be f 268 When set to "1" symlinks are permitted to be followed only when outside 238 a sticky world-writable directory, or when the 269 a sticky world-writable directory, or when the uid of the symlink and 239 follower match, or when the directory owner ma 270 follower match, or when the directory owner matches the symlink's owner. 240 271 241 This protection is based on the restrictions i 272 This protection is based on the restrictions in Openwall and grsecurity. 242 273 243 274 244 suid_dumpable !! 275 suid_dumpable: 245 ------------- !! 276 -------------- 246 277 247 This value can be used to query and set the co 278 This value can be used to query and set the core dump mode for setuid 248 or otherwise protected/tainted binaries. The m 279 or otherwise protected/tainted binaries. The modes are 249 280 250 = ========== ============================== 281 = ========== =============================================================== 251 0 (default) Traditional behaviour. Any pro !! 282 0 (default) traditional behaviour. Any process which has changed 252 privilege levels or is execute 283 privilege levels or is execute only will not be dumped. 253 1 (debug) All processes dump core when p !! 284 1 (debug) all processes dump core when possible. The core dump is 254 owned by the current user and 285 owned by the current user and no security is applied. This is 255 intended for system debugging 286 intended for system debugging situations only. 256 Ptrace is unchecked. 287 Ptrace is unchecked. 257 This is insecure as it allows 288 This is insecure as it allows regular users to examine the 258 memory contents of privileged 289 memory contents of privileged processes. 259 2 (suidsafe) Any binary which normally woul !! 290 2 (suidsafe) any binary which normally would not be dumped is dumped 260 anyway, but only if the ``core !! 291 anyway, but only if the "core_pattern" kernel sysctl is set to 261 :ref:`Documentation/admin-guid << 262 is set to << 263 either a pipe handler or a ful 292 either a pipe handler or a fully qualified path. (For more 264 details on this limitation, se 293 details on this limitation, see CVE-2006-2451.) This mode is 265 appropriate when administrator 294 appropriate when administrators are attempting to debug 266 problems in a normal environme 295 problems in a normal environment, and either have a core dump 267 pipe handler that knows to tre 296 pipe handler that knows to treat privileged core dumps with 268 care, or specific directory de 297 care, or specific directory defined for catching core dumps. 269 If a core dump happens without 298 If a core dump happens without a pipe handler or fully 270 qualified path, a message will 299 qualified path, a message will be emitted to syslog warning 271 about the lack of a correct se 300 about the lack of a correct setting. 272 = ========== ============================== 301 = ========== =============================================================== 273 302 274 303 >> 304 super-max & super-nr >> 305 -------------------- >> 306 >> 307 These numbers control the maximum number of superblocks, and >> 308 thus the maximum number of mounted filesystems the kernel >> 309 can have. You only need to increase super-max if you need to >> 310 mount more filesystems than the current value in super-max >> 311 allows you to. >> 312 >> 313 >> 314 aio-nr & aio-max-nr >> 315 ------------------- >> 316 >> 317 aio-nr shows the current system-wide number of asynchronous io >> 318 requests. aio-max-nr allows you to change the maximum value >> 319 aio-nr can grow to. >> 320 >> 321 >> 322 mount-max >> 323 --------- >> 324 >> 325 This denotes the maximum number of mounts that may exist >> 326 in a mount namespace. >> 327 >> 328 275 329 276 2. /proc/sys/fs/binfmt_misc 330 2. /proc/sys/fs/binfmt_misc 277 =========================== 331 =========================== 278 332 279 Documentation for the files in ``/proc/sys/fs/ !! 333 Documentation for the files in /proc/sys/fs/binfmt_misc is 280 in Documentation/admin-guide/binfmt-misc.rst. 334 in Documentation/admin-guide/binfmt-misc.rst. 281 335 282 336 283 3. /proc/sys/fs/mqueue - POSIX message queues 337 3. /proc/sys/fs/mqueue - POSIX message queues filesystem 284 ============================================== 338 ======================================================== 285 339 286 340 287 The "mqueue" filesystem provides the necessa 341 The "mqueue" filesystem provides the necessary kernel features to enable the 288 creation of a user space library that imple 342 creation of a user space library that implements the POSIX message queues 289 API (as noted by the MSG tag in the POSIX 10 343 API (as noted by the MSG tag in the POSIX 1003.1-2001 version of the System 290 Interfaces specification.) 344 Interfaces specification.) 291 345 292 The "mqueue" filesystem contains values for de !! 346 The "mqueue" filesystem contains values for determining/setting the amount of 293 amount of resources used by the file system. !! 347 resources used by the file system. >> 348 >> 349 /proc/sys/fs/mqueue/queues_max is a read/write file for setting/getting the >> 350 maximum number of message queues allowed on the system. 294 351 295 ``/proc/sys/fs/mqueue/queues_max`` is a read/w !! 352 /proc/sys/fs/mqueue/msg_max is a read/write file for setting/getting the 296 setting/getting the maximum number of message !! 353 maximum number of messages in a queue value. In fact it is the limiting value 297 system. !! 354 for another (user) limit which is set in mq_open invocation. This attribute of 298 !! 355 a queue must be less or equal then msg_max. 299 ``/proc/sys/fs/mqueue/msg_max`` is a read/writ !! 356 300 setting/getting the maximum number of messages !! 357 /proc/sys/fs/mqueue/msgsize_max is a read/write file for setting/getting the 301 fact it is the limiting value for another (use !! 358 maximum message size value (it is every message queue's attribute set during 302 ``mq_open`` invocation. This attribute of a q !! 359 its creation). 303 or equal to ``msg_max``. !! 360 304 !! 361 /proc/sys/fs/mqueue/msg_default is a read/write file for setting/getting the 305 ``/proc/sys/fs/mqueue/msgsize_max`` is a read/ !! 362 default number of messages in a queue value if attr parameter of mq_open(2) is 306 setting/getting the maximum message size value !! 363 NULL. If it exceed msg_max, the default value is initialized msg_max. 307 every message queue, set during its creation). !! 364 308 !! 365 /proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting 309 ``/proc/sys/fs/mqueue/msg_default`` is a read/ !! 366 the default message size value if attr parameter of mq_open(2) is NULL. If it 310 setting/getting the default number of messages !! 367 exceed msgsize_max, the default value is initialized msgsize_max. 311 ``attr`` parameter of ``mq_open(2)`` is ``NULL << 312 ``msg_max``, the default value is initialized << 313 << 314 ``/proc/sys/fs/mqueue/msgsize_default`` is a r << 315 setting/getting the default message size value << 316 parameter of ``mq_open(2)`` is ``NULL``. If it << 317 ``msgsize_max``, the default value is initiali << 318 368 319 4. /proc/sys/fs/epoll - Configuration options 369 4. /proc/sys/fs/epoll - Configuration options for the epoll interface 320 ============================================== 370 ===================================================================== 321 371 322 This directory contains configuration options 372 This directory contains configuration options for the epoll(7) interface. 323 373 324 max_user_watches 374 max_user_watches 325 ---------------- 375 ---------------- 326 376 327 Every epoll file descriptor can store a number 377 Every epoll file descriptor can store a number of files to be monitored 328 for event readiness. Each one of these monitor 378 for event readiness. Each one of these monitored files constitutes a "watch". 329 This configuration option sets the maximum num 379 This configuration option sets the maximum number of "watches" that are 330 allowed for each user. 380 allowed for each user. 331 Each "watch" costs roughly 90 bytes on a 32-bi !! 381 Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes 332 on a 64-bit one. !! 382 on a 64bit one. 333 The current default value for ``max_user_watch !! 383 The current default value for max_user_watches is the 1/32 of the available 334 available low memory, divided by the "watch" c !! 384 low memory, divided for the "watch" cost in bytes.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.