From e6315bb154e778391ce64b194756bd3d108dadf6 Mon Sep 17 00:00:00 2001 From: KOSAKI Motohiro Date: Thu, 31 May 2012 16:26:31 -0700 Subject: mqueue: revert bump up DFLT_*MAX Mqueue limitation is slightly naieve parameter likes other ipcs because unprivileged user can consume kernel memory by using ipcs. Thus, too aggressive raise bring us security issue. Example, current setting allow evil unprivileged user use 256GB (= 256 * 1024 * 1024*1024) and it's enough large to system will belome unresponsive. Don't do that. Instead, every admin should adjust the knobs for their own systems. Signed-off-by: KOSAKI Motohiro Acked-by: Doug Ledford Acked-by: Joe Korty Cc: Amerigo Wang Acked-by: Serge E. Hallyn Cc: Jiri Slaby Cc: Manfred Spraul Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/ipc_namespace.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h index 6e1dd08194fd..2488535a32a3 100644 --- a/include/linux/ipc_namespace.h +++ b/include/linux/ipc_namespace.h @@ -118,12 +118,12 @@ extern int mq_init_ns(struct ipc_namespace *ns); #define DFLT_QUEUESMAX 256 #define HARD_QUEUESMAX 1024 #define MIN_MSGMAX 1 -#define DFLT_MSG 64U -#define DFLT_MSGMAX 1024 +#define DFLT_MSG 10U +#define DFLT_MSGMAX 10 #define HARD_MSGMAX 65536 #define MIN_MSGSIZEMAX 128 #define DFLT_MSGSIZE 8192U -#define DFLT_MSGSIZEMAX (1024*1024) +#define DFLT_MSGSIZEMAX 8192 #define HARD_MSGSIZEMAX (16*1024*1024) #else static inline int mq_init_ns(struct ipc_namespace *ns) { return 0; } -- cgit v1.2.3-58-ga151