github.com/rumpl/bof@v23.0.0-rc.2+incompatible/daemon/keys.go (about)

     1  //go:build linux
     2  // +build linux
     3  
     4  package daemon // import "github.com/docker/docker/daemon"
     5  
     6  import (
     7  	"os"
     8  	"strconv"
     9  	"strings"
    10  )
    11  
// Procfs entries for the kernel key-retention quotas that apply to keys
// owned by root. Both paths are fixed constants, so no caller-supplied
// input reaches the sysctl writes in setRootKeyLimit.
const (
	rootKeyFile   = "/proc/sys/kernel/keys/root_maxkeys"
	rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
)

const (
	// rootKeyLimit is the minimum root_maxkeys value the daemon wants;
	// modifyRootKeyLimit raises the quota to this number when it is lower.
	rootKeyLimit = 1_000_000
	// rootKeyByteMultiplier is the number of bytes budgeted per key when
	// deriving root_maxbytes from the key count (25 bytes per key is the
	// standard configuration).
	rootKeyByteMultiplier = 25
)
    19  
// modifyRootKeyLimit makes sure the root key quota is at least rootKeyLimit.
// It reads the current value from rootKeyFile and, when that value is lower,
// calls setRootKeyLimit, which writes the key count and a byte quota of
// rootKeyByteMultiplier bytes per key.
//
// Only root_maxkeys is inspected. When it already meets the limit,
// root_maxbytes is neither read nor changed. When it does not,
// setRootKeyLimit writes root_maxbytes without checking its current value.
//
// NOTE(review): an existing root_maxbytes larger than
// rootKeyLimit*rootKeyByteMultiplier would be overwritten with the smaller
// number in that case; confirm this is acceptable for hosts whose keyring
// quotas are tuned by an administrator.
func modifyRootKeyLimit() error {
	current, err := readRootKeyLimit(rootKeyFile)
	switch {
	case err != nil:
		// The quota could not be read or parsed; leave it untouched.
		return err
	case current >= rootKeyLimit:
		// Already high enough: nothing is written.
		return nil
	default:
		return setRootKeyLimit(rootKeyLimit)
	}
}
    33  
// setRootKeyLimit writes limit to rootKeyFile and then
// limit*rootKeyByteMultiplier to rootBytesFile, returning the first error
// from opening or writing either file.
//
// The two writes are not atomic: if the second file cannot be opened or
// written, the new key count stays in place while the byte quota keeps its
// previous value. limit is written as given; no range check is applied here.
//
// NOTE(review): writing these sysctls presumably requires a privileged
// process, and the change is not scoped to the daemon; confirm against the
// deployment's hardening baseline.
func setRootKeyLimit(limit int) error {
	// O_WRONLY without O_CREATE: the procfs entry must already exist, so the
	// zero permission argument is never used to create a file.
	keysFile, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	// Close errors are not reported; the write results below are what count.
	defer keysFile.Close()
	if _, err := keysFile.WriteString(strconv.Itoa(limit)); err != nil {
		return err
	}

	bytesFile, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer bytesFile.Close()
	byteLimit := limit * rootKeyByteMultiplier
	_, err = bytesFile.WriteString(strconv.Itoa(byteLimit))
	return err
}
    52  
// readRootKeyLimit reads the file at path and parses its content as a
// decimal integer after stripping leading and trailing newline characters.
//
// It returns -1 together with the error when the file cannot be read. When
// the content is not a valid integer, it returns whatever strconv.Atoi
// reports. Only "\n" is trimmed, so content carrying other whitespace is
// rejected as a parse error, not silently accepted.
func readRootKeyLimit(path string) (int, error) {
	raw, err := os.ReadFile(path)
	if err != nil {
		return -1, err
	}
	text := strings.Trim(string(raw), "\n")
	return strconv.Atoi(text)
}