On Wed, Oct 26, 2016 at 10:34:30PM +0200, David Herrmann wrote: > Long story short: We have uid<->uid quotas so far, which prevent DoS > attacks, unless you get access to a ridiculous amount of local UIDs. > Details on which resources are accounted can be found in the wiki [1].
Does only root user_ns uid count as separate or per-ns too? In first case we will have vitually unbounded access to UIDs. The second case can cap number of user namespaces a user can create while using bus1 inside. Or am I missing something? -- Kirill A. Shutemov