| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- // +build linux
- package daemon
- import (
- "fmt"
- "io/ioutil"
- "os"
- "strconv"
- "strings"
- )
- const (
- rootKeyFile = "/proc/sys/kernel/keys/root_maxkeys"
- rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
- rootKeyLimit = 1000000
- // it is standard configuration to allocate 25 bytes per key
- rootKeyByteMultiplier = 25
- )
- // ModifyRootKeyLimit checks to see if the root key limit is set to
- // at least 1000000 and changes it to that limit along with the maxbytes
- // allocated to the keys at a 25 to 1 multiplier.
- func ModifyRootKeyLimit() error {
- value, err := readRootKeyLimit(rootKeyFile)
- if err != nil {
- return err
- }
- if value < rootKeyLimit {
- return setRootKeyLimit(rootKeyLimit)
- }
- return nil
- }
- func setRootKeyLimit(limit int) error {
- keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
- if err != nil {
- return err
- }
- defer keys.Close()
- if _, err := fmt.Fprintf(keys, "%d", limit); err != nil {
- return err
- }
- bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
- if err != nil {
- return err
- }
- defer bytes.Close()
- _, err = fmt.Fprintf(bytes, "%d", limit*rootKeyByteMultiplier)
- return err
- }
- func readRootKeyLimit(path string) (int, error) {
- data, err := ioutil.ReadFile(path)
- if err != nil {
- return -1, err
- }
- return strconv.Atoi(strings.Trim(string(data), "\n"))
- }
|
