1===============================
2Documentation for /proc/sys/fs/
3===============================
4
5kernel version 2.2.10
6
7Copyright (c) 1998, 1999,  Rik van Riel <riel@nl.linux.org>
8
9Copyright (c) 2009,        Shen Feng<shen@cn.fujitsu.com>
10
11For general info and legal blurb, please look in intro.rst.
12
13------------------------------------------------------------------------------
14
15This file contains documentation for the sysctl files in
16/proc/sys/fs/ and is valid for Linux kernel version 2.2.
17
18The files in this directory can be used to tune and monitor
19miscellaneous and general things in the operation of the Linux
20kernel. Since some of the files _can_ be used to screw up your
21system, it is advisable to read both documentation and source
22before actually making adjustments.
23
241. /proc/sys/fs
25===============
26
27Currently, these files are in /proc/sys/fs:
28
29- aio-max-nr
30- aio-nr
31- dentry-state
32- dquot-max
33- dquot-nr
34- file-max
35- file-nr
36- inode-max
37- inode-nr
38- inode-state
39- nr_open
40- overflowuid
41- overflowgid
42- pipe-user-pages-hard
43- pipe-user-pages-soft
44- protected_fifos
45- protected_hardlinks
46- protected_regular
47- protected_symlinks
48- suid_dumpable
49- super-max
50- super-nr
51
52
53aio-nr & aio-max-nr
54-------------------
55
56aio-nr is the running total of the number of events specified on the
57io_setup system call for all currently active aio contexts.  If aio-nr
58reaches aio-max-nr then io_setup will fail with EAGAIN.  Note that
59raising aio-max-nr does not result in the pre-allocation or re-sizing
60of any kernel data structures.
61
62
63dentry-state
64------------
65
66From linux/include/linux/dcache.h::
67
68  struct dentry_stat_t dentry_stat {
69        int nr_dentry;
70        int nr_unused;
71        int age_limit;         /* age in seconds */
72        int want_pages;        /* pages requested by system */
73        int nr_negative;       /* # of unused negative dentries */
74        int dummy;             /* Reserved for future use */
75  };
76
77Dentries are dynamically allocated and deallocated.
78
79nr_dentry shows the total number of dentries allocated (active
80+ unused). nr_unused shows the number of dentries that are not
81actively used, but are saved in the LRU list for future reuse.
82
83Age_limit is the age in seconds after which dcache entries
84can be reclaimed when memory is short and want_pages is
85nonzero when shrink_dcache_pages() has been called and the
86dcache isn't pruned yet.
87
88nr_negative shows the number of unused dentries that are also
89negative dentries which do not map to any files. Instead,
90they help speeding up rejection of non-existing files provided
91by the users.
92
93
94dquot-max & dquot-nr
95--------------------
96
97The file dquot-max shows the maximum number of cached disk
98quota entries.
99
100The file dquot-nr shows the number of allocated disk quota
101entries and the number of free disk quota entries.
102
103If the number of free cached disk quotas is very low and
104you have some awesome number of simultaneous system users,
105you might want to raise the limit.
106
107
108file-max & file-nr
109------------------
110
111The value in file-max denotes the maximum number of file-
112handles that the Linux kernel will allocate. When you get lots
113of error messages about running out of file handles, you might
114want to increase this limit.
115
116Historically,the kernel was able to allocate file handles
117dynamically, but not to free them again. The three values in
118file-nr denote the number of allocated file handles, the number
119of allocated but unused file handles, and the maximum number of
120file handles. Linux 2.6 always reports 0 as the number of free
121file handles -- this is not an error, it just means that the
122number of allocated file handles exactly matches the number of
123used file handles.
124
125Attempts to allocate more file descriptors than file-max are
126reported with printk, look for "VFS: file-max limit <number>
127reached".
128
129
130nr_open
131-------
132
133This denotes the maximum number of file-handles a process can
134allocate. Default value is 1024*1024 (1048576) which should be
135enough for most machines. Actual limit depends on RLIMIT_NOFILE
136resource limit.
137
138
139inode-max, inode-nr & inode-state
140---------------------------------
141
142As with file handles, the kernel allocates the inode structures
143dynamically, but can't free them yet.
144
145The value in inode-max denotes the maximum number of inode
146handlers. This value should be 3-4 times larger than the value
147in file-max, since stdin, stdout and network sockets also
148need an inode struct to handle them. When you regularly run
149out of inodes, you need to increase this value.
150
151The file inode-nr contains the first two items from
152inode-state, so we'll skip to that file...
153
154Inode-state contains three actual numbers and four dummies.
155The actual numbers are, in order of appearance, nr_inodes,
156nr_free_inodes and preshrink.
157
158Nr_inodes stands for the number of inodes the system has
159allocated, this can be slightly more than inode-max because
160Linux allocates them one pageful at a time.
161
162Nr_free_inodes represents the number of free inodes (?) and
163preshrink is nonzero when the nr_inodes > inode-max and the
164system needs to prune the inode list instead of allocating
165more.
166
167
168overflowgid & overflowuid
169-------------------------
170
171Some filesystems only support 16-bit UIDs and GIDs, although in Linux
172UIDs and GIDs are 32 bits. When one of these filesystems is mounted
173with writes enabled, any UID or GID that would exceed 65535 is translated
174to a fixed value before being written to disk.
175
176These sysctls allow you to change the value of the fixed UID and GID.
177The default is 65534.
178
179
180pipe-user-pages-hard
181--------------------
182
183Maximum total number of pages a non-privileged user may allocate for pipes.
184Once this limit is reached, no new pipes may be allocated until usage goes
185below the limit again. When set to 0, no limit is applied, which is the default
186setting.
187
188
189pipe-user-pages-soft
190--------------------
191
192Maximum total number of pages a non-privileged user may allocate for pipes
193before the pipe size gets limited to a single page. Once this limit is reached,
194new pipes will be limited to a single page in size for this user in order to
195limit total memory usage, and trying to increase them using fcntl() will be
196denied until usage goes below the limit again. The default value allows to
197allocate up to 1024 pipes at their default size. When set to 0, no limit is
198applied.
199
200
201protected_fifos
202---------------
203
204The intent of this protection is to avoid unintentional writes to
205an attacker-controlled FIFO, where a program expected to create a regular
206file.
207
208When set to "0", writing to FIFOs is unrestricted.
209
210When set to "1" don't allow O_CREAT open on FIFOs that we don't own
211in world writable sticky directories, unless they are owned by the
212owner of the directory.
213
214When set to "2" it also applies to group writable sticky directories.
215
216This protection is based on the restrictions in Openwall.
217
218
219protected_hardlinks
220--------------------
221
222A long-standing class of security issues is the hardlink-based
223time-of-check-time-of-use race, most commonly seen in world-writable
224directories like /tmp. The common method of exploitation of this flaw
225is to cross privilege boundaries when following a given hardlink (i.e. a
226root process follows a hardlink created by another user). Additionally,
227on systems without separated partitions, this stops unauthorized users
228from "pinning" vulnerable setuid/setgid files against being upgraded by
229the administrator, or linking to special files.
230
231When set to "0", hardlink creation behavior is unrestricted.
232
233When set to "1" hardlinks cannot be created by users if they do not
234already own the source file, or do not have read/write access to it.
235
236This protection is based on the restrictions in Openwall and grsecurity.
237
238
239protected_regular
240-----------------
241
242This protection is similar to protected_fifos, but it
243avoids writes to an attacker-controlled regular file, where a program
244expected to create one.
245
246When set to "0", writing to regular files is unrestricted.
247
248When set to "1" don't allow O_CREAT open on regular files that we
249don't own in world writable sticky directories, unless they are
250owned by the owner of the directory.
251
252When set to "2" it also applies to group writable sticky directories.
253
254
255protected_symlinks
256------------------
257
258A long-standing class of security issues is the symlink-based
259time-of-check-time-of-use race, most commonly seen in world-writable
260directories like /tmp. The common method of exploitation of this flaw
261is to cross privilege boundaries when following a given symlink (i.e. a
262root process follows a symlink belonging to another user). For a likely
263incomplete list of hundreds of examples across the years, please see:
264http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
265
266When set to "0", symlink following behavior is unrestricted.
267
268When set to "1" symlinks are permitted to be followed only when outside
269a sticky world-writable directory, or when the uid of the symlink and
270follower match, or when the directory owner matches the symlink's owner.
271
272This protection is based on the restrictions in Openwall and grsecurity.
273
274
275suid_dumpable:
276--------------
277
278This value can be used to query and set the core dump mode for setuid
279or otherwise protected/tainted binaries. The modes are
280
281=   ==========  ===============================================================
2820   (default)	traditional behaviour. Any process which has changed
283		privilege levels or is execute only will not be dumped.
2841   (debug)	all processes dump core when possible. The core dump is
285		owned by the current user and no security is applied. This is
286		intended for system debugging situations only.
287		Ptrace is unchecked.
288		This is insecure as it allows regular users to examine the
289		memory contents of privileged processes.
2902   (suidsafe)	any binary which normally would not be dumped is dumped
291		anyway, but only if the "core_pattern" kernel sysctl is set to
292		either a pipe handler or a fully qualified path. (For more
293		details on this limitation, see CVE-2006-2451.) This mode is
294		appropriate when administrators are attempting to debug
295		problems in a normal environment, and either have a core dump
296		pipe handler that knows to treat privileged core dumps with
297		care, or specific directory defined for catching core dumps.
298		If a core dump happens without a pipe handler or fully
299		qualified path, a message will be emitted to syslog warning
300		about the lack of a correct setting.
301=   ==========  ===============================================================
302
303
304super-max & super-nr
305--------------------
306
307These numbers control the maximum number of superblocks, and
308thus the maximum number of mounted filesystems the kernel
309can have. You only need to increase super-max if you need to
310mount more filesystems than the current value in super-max
311allows you to.
312
313
314aio-nr & aio-max-nr
315-------------------
316
317aio-nr shows the current system-wide number of asynchronous io
318requests.  aio-max-nr allows you to change the maximum value
319aio-nr can grow to.
320
321
322mount-max
323---------
324
325This denotes the maximum number of mounts that may exist
326in a mount namespace.
327
328
329
3302. /proc/sys/fs/binfmt_misc
331===========================
332
333Documentation for the files in /proc/sys/fs/binfmt_misc is
334in Documentation/admin-guide/binfmt-misc.rst.
335
336
3373. /proc/sys/fs/mqueue - POSIX message queues filesystem
338========================================================
339
340
341The "mqueue"  filesystem provides  the necessary kernel features to enable the
342creation of a  user space  library that  implements  the  POSIX message queues
343API (as noted by the  MSG tag in the  POSIX 1003.1-2001 version  of the System
344Interfaces specification.)
345
346The "mqueue" filesystem contains values for determining/setting  the amount of
347resources used by the file system.
348
349/proc/sys/fs/mqueue/queues_max is a read/write  file for  setting/getting  the
350maximum number of message queues allowed on the system.
351
352/proc/sys/fs/mqueue/msg_max  is  a  read/write file  for  setting/getting  the
353maximum number of messages in a queue value.  In fact it is the limiting value
354for another (user) limit which is set in mq_open invocation. This attribute of
355a queue must be less or equal then msg_max.
356
357/proc/sys/fs/mqueue/msgsize_max is  a read/write  file for setting/getting the
358maximum  message size value (it is every  message queue's attribute set during
359its creation).
360
361/proc/sys/fs/mqueue/msg_default is  a read/write  file for setting/getting the
362default number of messages in a queue value if attr parameter of mq_open(2) is
363NULL. If it exceed msg_max, the default value is initialized msg_max.
364
365/proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting
366the default message size value if attr parameter of mq_open(2) is NULL. If it
367exceed msgsize_max, the default value is initialized msgsize_max.
368
3694. /proc/sys/fs/epoll - Configuration options for the epoll interface
370=====================================================================
371
372This directory contains configuration options for the epoll(7) interface.
373
374max_user_watches
375----------------
376
377Every epoll file descriptor can store a number of files to be monitored
378for event readiness. Each one of these monitored files constitutes a "watch".
379This configuration option sets the maximum number of "watches" that are
380allowed for each user.
381Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes
382on a 64bit one.
383The current default value for  max_user_watches  is the 1/32 of the available
384low memory, divided for the "watch" cost in bytes.
385