Re: [PATCH 3/3] KEYS: Make the keyring quotas controllable through/proc/sys
From: Andrew Morton
Date: Thu Mar 13 2008 - 18:31:04 EST
On Thu, 13 Mar 2008 19:14:42 +0000
David Howells <dhowells@xxxxxxxxxx> wrote:
> Make the keyring quotas controllable through /proc/sys files:
>
> (*) /proc/sys/kernel/keys/root_maxkeys
> /proc/sys/kernel/keys/root_maxbytes
>
> Maximum number of keys that root may have and the maximum total number of
> bytes of data that root may have stored in those keys.
>
> (*) /proc/sys/kernel/keys/maxkeys
> /proc/sys/kernel/keys/maxbytes
>
> Maximum number of keys that each non-root user may have and the maximum
> total number of bytes of data that each of those users may have stored in
> their keys.
>
> Also increase the quotas as a number of people have been complaining that it's
> not big enough. I'm not sure that it's big enough now either, but on the
> other hand, it can now be set in /etc/sysctl.conf.
>
> ...
>
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -19,6 +19,7 @@
> #include <linux/list.h>
> #include <linux/rbtree.h>
> #include <linux/rcupdate.h>
> +#include <linux/sysctl.h>
> #include <asm/atomic.h>
>
> #ifdef __KERNEL__
> @@ -265,6 +266,10 @@ extern struct key *key_lookup(key_serial_t id);
>
> #define key_serial(key) ((key) ? (key)->serial : 0)
err, why was that a macro? It could have been implemented as an inline.
One which doesn't evaluate its argument twice (or once if it was -1).
> +#ifdef CONFIG_SYSCTL
> +extern ctl_table key_sysctls[];
> +#endif
I've been going around telling people to not bother with the ifdefs here.
Upside: looks nicer. Downside: defers the build error from compile-time to
link-time.
>
> +/*
> + * key quota limits
> + * - root has its own separate limits to everyone else
> + */
> +extern unsigned key_quota_root_maxkeys;
> +extern unsigned key_quota_root_maxbytes;
> +extern unsigned key_quota_maxkeys;
> +extern unsigned key_quota_maxbytes;
> +
> +#define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */
>
>
> extern struct rb_root key_serial_tree;
> diff --git a/security/keys/key.c b/security/keys/key.c
> index 46f125a..14948cf 100644
> --- a/security/keys/key.c
> +++ b/security/keys/key.c
> @@ -27,6 +27,11 @@ DEFINE_SPINLOCK(key_serial_lock);
> struct rb_root key_user_tree; /* tree of quota records indexed by UID */
> DEFINE_SPINLOCK(key_user_lock);
>
> +unsigned int key_quota_root_maxkeys = 200; /* root's key count quota */
> +unsigned int key_quota_root_maxbytes = 20000; /* root's key space quota */
> +unsigned int key_quota_maxkeys = 200; /* general key count quota */
> +unsigned int key_quota_maxbytes = 20000; /* general key space quota */
> +
> static LIST_HEAD(key_types_list);
> static DECLARE_RWSEM(key_types_sem);
>
> @@ -236,11 +241,16 @@ struct key *key_alloc(struct key_type *type, const char *desc,
> /* check that the user's quota permits allocation of another key and
> * its description */
> if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) {
> + unsigned maxkeys = (uid == 0) ?
> + key_quota_root_maxkeys : key_quota_maxkeys;
> + unsigned maxbytes = (uid == 0) ?
> + key_quota_root_maxbytes : key_quota_maxbytes;
open-coded knowledge of uid==0 might be problematic for containerisation.
Maybe it's on the containers team's radar, maybe it's actually not a
problem, don't know. (adds cc).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/