mirror of
				https://github.com/moby/moby.git
				synced 2022-11-09 12:21:53 -05:00 
			
		
		
		
	
		
			
				
	
	
		
// +build linux

package daemon // import "github.com/docker/docker/daemon"

import (
	"fmt"
	"io/ioutil"
	"os"
	"strconv"
	"strings"
)
// procfs paths of the kernel keyring quota sysctls for the root user.
const (
	// rootKeyFile holds the maximum number of keys root may own.
	rootKeyFile = "/proc/sys/kernel/keys/root_maxkeys"
	// rootBytesFile holds the maximum number of bytes root's keys may use.
	rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
)

// Target quota values written by setRootKeyLimit.
const (
	// rootKeyLimit is the minimum root_maxkeys value the daemon wants.
	rootKeyLimit = 1000000
	// rootKeyByteMultiplier is the number of bytes budgeted per key when
	// deriving root_maxbytes from the key limit; it is standard
	// configuration to allocate 25 bytes per key.
	rootKeyByteMultiplier = 25
)
// ModifyRootKeyLimit makes sure the root user's kernel keyring quota is at
// least rootKeyLimit (1000000) keys. It reads the current value from
// rootKeyFile and, only when that value is lower, writes the new key limit
// together with a byte quota of rootKeyByteMultiplier (25) bytes per key.
//
// Only root_maxkeys is inspected: a root_maxbytes value that is already low
// while root_maxkeys is high enough is left as it is.
//
// Any error from reading or writing the sysctl files is returned unchanged,
// which includes a lack of permission to access them.
func ModifyRootKeyLimit() error {
	current, err := readRootKeyLimit(rootKeyFile)
	switch {
	case err != nil:
		return err
	case current >= rootKeyLimit:
		// Already at or above the target: leave the existing setting alone.
		return nil
	}
	return setRootKeyLimit(rootKeyLimit)
}
// setRootKeyLimit writes limit to rootKeyFile and limit*rootKeyByteMultiplier
// to rootBytesFile, in that order, and returns the first error encountered.
//
// The two writes are not atomic: if opening or writing rootBytesFile fails,
// the key limit has already been changed and is not rolled back.
//
// NOTE(review): root_maxbytes is overwritten without reading its current
// value, so a larger value configured by an administrator would be replaced
// by the derived one — confirm this is intended.
func setRootKeyLimit(limit int) error {
	keysFile, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer keysFile.Close()

	if _, err = fmt.Fprintf(keysFile, "%d", limit); err != nil {
		return err
	}

	bytesFile, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer bytesFile.Close()

	// The byte quota is derived from the key limit at a fixed ratio.
	byteQuota := limit * rootKeyByteMultiplier
	if _, err = fmt.Fprintf(bytesFile, "%d", byteQuota); err != nil {
		return err
	}
	return nil
}
// readRootKeyLimit reads the file at path and parses its content as a
// decimal integer after stripping leading and trailing newlines.
//
// It returns -1 and the read error when the file cannot be read. When the
// content is not a valid integer (other surrounding whitespace is not
// stripped), the result and error of strconv.Atoi are returned as they are.
func readRootKeyLimit(path string) (int, error) {
	raw, readErr := ioutil.ReadFile(path)
	if readErr != nil {
		return -1, readErr
	}

	// Only newlines are trimmed, matching how the kernel terminates the value.
	text := strings.Trim(string(raw), "\n")
	return strconv.Atoi(text)
}