tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

docs: namespace: Tweak and reword resource control doc

Fix the document title and reword the phrasing to active voice.

Signed-off-by: Joel Savitz <jsavitz@redhat.com>
Message-ID: <20250421161723.1138903-1-jsavitz@redhat.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

authored by

Joel Savitz and committed by
Jonathan Corbet c0fe189b 6c2f0b28

+12 -12
+12 -12
Documentation/admin-guide/namespaces/resource-control.rst
··· 1 - =========================== 2 - Namespaces research control 3 - =========================== 1 + ==================================== 2 + User namespaces and resource control 3 + ==================================== 4 4 5 - There are a lot of kinds of objects in the kernel that don't have 6 - individual limits or that have limits that are ineffective when a set 7 - of processes is allowed to switch user ids. With user namespaces 8 - enabled in a kernel for people who don't trust their users or their 9 - users programs to play nice this problems becomes more acute. 5 + The kernel contains many kinds of objects that either don't have 6 + individual limits or that have limits which are ineffective when 7 + a set of processes is allowed to switch their UID. On a system 8 + where the admins don't trust their users or their users' programs, 9 + user namespaces expose the system to potential misuse of resources. 10 10 11 - Therefore it is recommended that memory control groups be enabled in 12 - kernels that enable user namespaces, and it is further recommended 13 - that userspace configure memory control groups to limit how much 14 - memory user's they don't trust to play nice can use. 11 + In order to mitigate this, we recommend that admins enable memory 12 + control groups on any system that enables user namespaces. 13 + Furthermore, we recommend that admins configure the memory control 14 + groups to limit the maximum memory usable by any untrusted user. 15 15 16 16 Memory control groups can be configured by installing the libcgroup 17 17 package present on most distros editing /etc/cgrules.conf,