| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- //go:build linux
- package daemon // import "github.com/docker/docker/daemon"
- import (
- "os"
- "strconv"
- "strings"
- )
- const (
- rootKeyFile = "/proc/sys/kernel/keys/root_maxkeys"
- rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
- rootKeyLimit = 1000000
- // it is standard configuration to allocate 25 bytes per key
- rootKeyByteMultiplier = 25
- )
- // modifyRootKeyLimit checks to see if the root key limit is set to
- // at least 1000000 and changes it to that limit along with the maxbytes
- // allocated to the keys at a 25 to 1 multiplier.
- func modifyRootKeyLimit() error {
- value, err := readRootKeyLimit(rootKeyFile)
- if err != nil {
- return err
- }
- if value < rootKeyLimit {
- return setRootKeyLimit(rootKeyLimit)
- }
- return nil
- }
- func setRootKeyLimit(limit int) error {
- keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
- if err != nil {
- return err
- }
- defer keys.Close()
- _, err = keys.WriteString(strconv.Itoa(limit))
- if err != nil {
- return err
- }
- bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
- if err != nil {
- return err
- }
- defer bytes.Close()
- _, err = bytes.WriteString(strconv.Itoa(limit * rootKeyByteMultiplier))
- return err
- }
- func readRootKeyLimit(path string) (int, error) {
- data, err := os.ReadFile(path)
- if err != nil {
- return -1, err
- }
- return strconv.Atoi(strings.Trim(string(data), "\n"))
- }
|
