github.com/gravitational/moby@v1.13.1/daemon/keys.go (about)

     1  // +build linux
     2  
     3  package daemon
     4  
     5  import (
     6  	"fmt"
     7  	"io/ioutil"
     8  	"os"
     9  	"strconv"
    10  	"strings"
    11  )
    12  
    13  const (
    14  	rootKeyFile   = "/proc/sys/kernel/keys/root_maxkeys"
    15  	rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
    16  	rootKeyLimit  = 1000000
    17  	// it is standard configuration to allocate 25 bytes per key
    18  	rootKeyByteMultiplier = 25
    19  )
    20  
    21  // ModifyRootKeyLimit checks to see if the root key limit is set to
    22  // at least 1000000 and changes it to that limit along with the maxbytes
    23  // allocated to the keys at a 25 to 1 multiplier.
    24  func ModifyRootKeyLimit() error {
    25  	value, err := readRootKeyLimit(rootKeyFile)
    26  	if err != nil {
    27  		return err
    28  	}
    29  	if value < rootKeyLimit {
    30  		return setRootKeyLimit(rootKeyLimit)
    31  	}
    32  	return nil
    33  }
    34  
    35  func setRootKeyLimit(limit int) error {
    36  	keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
    37  	if err != nil {
    38  		return err
    39  	}
    40  	defer keys.Close()
    41  	if _, err := fmt.Fprintf(keys, "%d", limit); err != nil {
    42  		return err
    43  	}
    44  	bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
    45  	if err != nil {
    46  		return err
    47  	}
    48  	defer bytes.Close()
    49  	_, err = fmt.Fprintf(bytes, "%d", limit*rootKeyByteMultiplier)
    50  	return err
    51  }
    52  
    53  func readRootKeyLimit(path string) (int, error) {
    54  	data, err := ioutil.ReadFile(path)
    55  	if err != nil {
    56  		return -1, err
    57  	}
    58  	return strconv.Atoi(strings.Trim(string(data), "\n"))
    59  }