docs: sysctl/kernel: document ngroups_max

This is a read-only export of NGROUPS_MAX, so this patch also changes the declarations in kernel/sysctl.c to const. Signed-off-by: Stephen Kitt <steve@sk2.org> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20200515160222.7994-1-steve@sk2.org Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2020-05-15 18:02:22 +02:00 · 2020-05-15 18:02:22 +02:00 · 2f4c33063a
--- a/Documentation/admin-guide/sysctl/kernel.rst
+++ b/Documentation/admin-guide/sysctl/kernel.rst
@ -517,6 +517,15 @@ Notes:
     successful IPC object allocation. If an IPC object allocation syscall
     fails, it is undefined if the value remains unmodified or is reset to -1.
 ngroups_max
 ===========
 Maximum number of supplementary groups, _i.e._ the maximum size which
 ``setgroups`` will accept. Exports ``NGROUPS_MAX`` from the kernel.
 nmi_watchdog
 ============
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@ -146,7 +146,7 @@ static unsigned long dirty_bytes_min = 2 * PAGE_SIZE;
 static int maxolduid = 65535;
 static int minolduid;
-static int ngroups_max = NGROUPS_MAX;
+static const int ngroups_max = NGROUPS_MAX;
 static const int cap_last_cap = CAP_LAST_CAP;
 /*
@ -883,7 +883,7 @@ static struct ctl_table kern_table[] = {
 #endif
 	{
 		.procname	= "ngroups_max",
-		.data		= &ngroups_max,
+		.data		= (void *)&ngroups_max,
 		.maxlen		= sizeof (int),
 		.mode		= 0444,
 		.proc_handler	= proc_dointvec,