github.com/moby/docker@v26.1.3+incompatible/daemon/keys.go (about)

     1  //go:build linux
     2  
     3  package daemon // import "github.com/docker/docker/daemon"
     4  
     5  import (
     6  	"os"
     7  	"strconv"
     8  	"strings"
     9  )
    10  
// Kernel keyring quota files for keys owned by root (see keyrings(7)):
// root_maxkeys caps how many keys root may own, root_maxbytes caps how many
// bytes of key data root may hold.
const (
	rootKeyFile   = "/proc/sys/kernel/keys/root_maxkeys"
	rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
)

const (
	// rootKeyLimit is the minimum root_maxkeys value the daemon wants.
	rootKeyLimit = 1000000

	// rootKeyByteMultiplier is the number of bytes budgeted per key when
	// deriving root_maxbytes from the key count; 25 bytes per key is the
	// standard configuration.
	rootKeyByteMultiplier = 25
)
    18  
// modifyRootKeyLimit makes sure the kernel's root key quota is at least
// rootKeyLimit (1000000). It reads root_maxkeys and, only when the current
// value is below that floor, calls setRootKeyLimit, which also updates
// root_maxbytes using the 25-bytes-per-key multiplier.
//
// A quota that is already at or above rootKeyLimit is left untouched, so this
// function never lowers root_maxkeys. Only the key count is inspected here;
// the current root_maxbytes value is not read by this function.
//
// NOTE(review): both files are kernel-wide settings, so a change made here
// applies to every root-owned key on the host, not only to the daemon.
func modifyRootKeyLimit() error {
	current, err := readRootKeyLimit(rootKeyFile)
	switch {
	case err != nil:
		return err
	case current >= rootKeyLimit:
		// Already large enough; leave the administrator's setting alone.
		return nil
	}
	return setRootKeyLimit(rootKeyLimit)
}
    32  
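// setRootKeyLimit writes limit to root_maxkeys and then brings root_maxbytes
// up to limit*rootKeyByteMultiplier.
//
// root_maxbytes is written only when its current value is below the derived
// target (or cannot be read). The key count and the byte quota are separate
// kernel settings, so a byte quota that was already raised above the target
// must not be reduced as a side effect of raising the key count.
//
// The two writes are not atomic: if the second one fails, root_maxkeys keeps
// its new value and the error from the root_maxbytes write is returned.
// Errors from os.OpenFile and WriteString are returned unchanged.
func setRootKeyLimit(limit int) error {
	keyFile, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer keyFile.Close()
	if _, err := keyFile.WriteString(strconv.Itoa(limit)); err != nil {
		return err
	}

	wantBytes := limit * rootKeyByteMultiplier
	// Skip the write when the byte quota is already sufficient. A failed read
	// falls through to the unconditional write, as before.
	if cur, err := readRootKeyLimit(rootBytesFile); err == nil && cur >= wantBytes {
		return nil
	}

	byteFile, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer byteFile.Close()
	_, err = byteFile.WriteString(strconv.Itoa(wantBytes))
	return err
}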
    51  
// readRootKeyLimit reads the file at path and parses its contents as a
// decimal integer.
//
// Only leading and trailing newline characters are stripped before parsing;
// any other surrounding whitespace makes strconv.Atoi fail. When the file
// cannot be read the result is -1 together with the read error. A parse
// failure returns whatever strconv.Atoi returns.
func readRootKeyLimit(path string) (int, error) {
	raw, readErr := os.ReadFile(path)
	if readErr != nil {
		return -1, readErr
	}
	text := strings.Trim(string(raw), "\n")
	return strconv.Atoi(text)
}