moby--moby/daemon/keys.go

// +build linux

package daemon

import (
	"fmt"
	"io/ioutil"
	"os"
	"strconv"
	"strings"
)

const (
	rootKeyFile   = "/proc/sys/kernel/keys/root_maxkeys"
	rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
	rootKeyLimit  = 1000000
	// it is standard configuration to allocate 25 bytes per key
	rootKeyByteMultiplier = 25
)

// ModifyRootKeyLimit checks to see if the root key limit is set to
// at least 1000000 and changes it to that limit along with the maxbytes
// allocated to the keys at a 25 to 1 multiplier.
func ModifyRootKeyLimit() error {
	value, err := readRootKeyLimit(rootKeyFile)
	if err != nil {
		return err
	}
	if value < rootKeyLimit {
		return setRootKeyLimit(rootKeyLimit)
	}
	return nil
}

func setRootKeyLimit(limit int) error {
	keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer keys.Close()
	if _, err := fmt.Fprintf(keys, "%d", limit); err != nil {
		return err
	}
	bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer bytes.Close()
	_, err = fmt.Fprintf(bytes, "%d", limit*rootKeyByteMultiplier)
	return err
}

func readRootKeyLimit(path string) (int, error) {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		return -1, err
	}
	return strconv.Atoi(strings.Trim(string(data), "\n"))
}
Change root_maxkeys Most modern distros have the limit for the maximum root keys at 1000000 but some do not. Because we are creating a new key for each container we need to bump this up as the older distros are having this limit at 200. Using 1000000 as the limit because that is that most distros are setting this to now. If someone has this value configured over that we do not change it. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-06-01 20:29:06 -04:00			`// +build linux`

			`package daemon`

			`import (`
			`"fmt"`
			`"io/ioutil"`
			`"os"`
			`"strconv"`
			`"strings"`
			`)`

			`const (`
			`rootKeyFile = "/proc/sys/kernel/keys/root_maxkeys"`
			`rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"`
			`rootKeyLimit = 1000000`
			`// it is standard configuration to allocate 25 bytes per key`
			`rootKeyByteMultiplier = 25`
			`)`

			`// ModifyRootKeyLimit checks to see if the root key limit is set to`
			`// at least 1000000 and changes it to that limit along with the maxbytes`
			`// allocated to the keys at a 25 to 1 multiplier.`
			`func ModifyRootKeyLimit() error {`
			`value, err := readRootKeyLimit(rootKeyFile)`
			`if err != nil {`
			`return err`
			`}`
			`if value < rootKeyLimit {`
			`return setRootKeyLimit(rootKeyLimit)`
			`}`
			`return nil`
			`}`

			`func setRootKeyLimit(limit int) error {`
			`keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)`
			`if err != nil {`
			`return err`
			`}`
			`defer keys.Close()`
			`if _, err := fmt.Fprintf(keys, "%d", limit); err != nil {`
			`return err`
			`}`
			`bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)`
			`if err != nil {`
			`return err`
			`}`
			`defer bytes.Close()`
			`_, err = fmt.Fprintf(bytes, "%d", limit*rootKeyByteMultiplier)`
			`return err`
			`}`

			`func readRootKeyLimit(path string) (int, error) {`
			`data, err := ioutil.ReadFile(path)`
			`if err != nil {`
			`return -1, err`
			`}`
			`return strconv.Atoi(strings.Trim(string(data), "\n"))`
			`}`