github.com/rumpl/bof@v23.0.0-rc.2+incompatible/daemon/keys.go (about) 1 //go:build linux 2 // +build linux 3 4 package daemon // import "github.com/docker/docker/daemon" 5 6 import ( 7 "os" 8 "strconv" 9 "strings" 10 ) 11 12 const ( 13 rootKeyFile = "/proc/sys/kernel/keys/root_maxkeys" 14 rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes" 15 rootKeyLimit = 1000000 16 // it is standard configuration to allocate 25 bytes per key 17 rootKeyByteMultiplier = 25 18 ) 19 20 // modifyRootKeyLimit checks to see if the root key limit is set to 21 // at least 1000000 and changes it to that limit along with the maxbytes 22 // allocated to the keys at a 25 to 1 multiplier. 23 func modifyRootKeyLimit() error { 24 value, err := readRootKeyLimit(rootKeyFile) 25 if err != nil { 26 return err 27 } 28 if value < rootKeyLimit { 29 return setRootKeyLimit(rootKeyLimit) 30 } 31 return nil 32 } 33 34 func setRootKeyLimit(limit int) error { 35 keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0) 36 if err != nil { 37 return err 38 } 39 defer keys.Close() 40 _, err = keys.WriteString(strconv.Itoa(limit)) 41 if err != nil { 42 return err 43 } 44 bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0) 45 if err != nil { 46 return err 47 } 48 defer bytes.Close() 49 _, err = bytes.WriteString(strconv.Itoa(limit * rootKeyByteMultiplier)) 50 return err 51 } 52 53 func readRootKeyLimit(path string) (int, error) { 54 data, err := os.ReadFile(path) 55 if err != nil { 56 return -1, err 57 } 58 return strconv.Atoi(strings.Trim(string(data), "\n")) 59 }