On Thu, Oct 27, 2016 at 03:45:24AM +0300, Kirill A. Shutemov wrote:
> On Wed, Oct 26, 2016 at 10:34:30PM +0200, David Herrmann wrote:
> > Long story short: We have uid<->uid quotas so far, which prevent DoS
> > attacks, unless you get access to a ridiculous amount of local UIDs.
> > Details on which resources are accounted can be found in the wiki [1].
>
> Does only root user_ns uid count as separate or per-ns too?
>
> In first case we will have virtually unbounded access to UIDs.
>
> The second case can cap number of user namespaces a user can create while
> using bus1 inside.

That seems easy enough to solve. Make the uid<->uid quota use uids in the
namespace of the side whose resources the operation uses. That way, if both
sender and recipient live in a user namespace then you get quota per user in
the namespace, but you can't use a user namespace to cheat and manufacture
more users to get more quota when talking to something *outside* that
namespace.

- Josh Triplett
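
A toy model of the quota keying suggested above, as an added example (not code from bus1 or from anyone in this thread). It assumes single-extent uid maps, 65534 as the bucket for unmapped ids, and constructed namespaces and uids; every name in it is hypothetical.

```c
#include <stdio.h>

#define OVERFLOW_UID 65534u /* assumed shared bucket for unmapped ids */

/* One-extent map: ns uids [ns_first, +count) -> global ids [k_first, +count) */
struct userns { unsigned ns_first, k_first, count; };
struct actor { const struct userns *ns; unsigned kuid; };
struct key { const struct userns *ns; unsigned uid; };

/* View a global id as a uid inside ns. */
static unsigned uid_in_ns(const struct userns *ns, unsigned kuid)
{
    if (kuid >= ns->k_first && kuid - ns->k_first < ns->count)
        return ns->ns_first + (kuid - ns->k_first);
    return OVERFLOW_UID;
}

/* Naive key: the actor's uid in its own namespace (per-ns accounting). */
static struct key key_naive(struct actor a)
{
    return (struct key){ a.ns, uid_in_ns(a.ns, a.kuid) };
}

/* Suggested key: the actor's uid as seen from the resource owner's ns. */
static struct key key_owner_view(struct actor a, const struct userns *owner)
{
    return (struct key){ owner, uid_in_ns(owner, a.kuid) };
}

/* Number of distinct quota buckets n senders occupy at one owner. */
static int buckets(const struct actor *s, int n, const struct userns *owner, int naive)
{
    struct key seen[16];
    int used = 0;
    for (int i = 0; i < n && i < 16; i++) {
        struct key k = naive ? key_naive(s[i]) : key_owner_view(s[i], owner);
        int j = 0;
        while (j < used && !(seen[j].ns == k.ns && seen[j].uid == k.uid)) j++;
        if (j == used) seen[used++] = k;
    }
    return used;
}

/* Constructed sample: one real user (1000) behind three namespaces, and
 * two distinct users sharing one namespace. */
static const struct userns init_ns = { 0, 0, 4294967295u };
static const struct userns ns_a = { 0, 1000, 1 }, ns_b = { 0, 1000, 1 }, ns_c = { 0, 1000, 1 };
static const struct userns ns_s = { 0, 100000, 2 };
static const struct actor cheaters[] = { { &ns_a, 1000 }, { &ns_b, 1000 }, { &ns_c, 1000 } };
static const struct actor peers[] = { { &ns_s, 100000 }, { &ns_s, 100001 } };
int main(void) { printf("%d %d %d\n", buckets(cheaters, 3, &init_ns, 1), buckets(cheaters, 3, &init_ns, 0), buckets(peers, 2, &ns_s, 0)); return 0; }
```

Keyed per sender namespace, the one user occupies three buckets at a recipient in the initial namespace; keyed from the recipient's side it occupies one, while the two users sharing a namespace still get separate buckets when talking to each other.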