| ca3e4545 |
import (
"fmt"
"io/ioutil"
"os"
"strconv"
"strings"
)
const (
rootKeyFile = "/proc/sys/kernel/keys/root_maxkeys"
rootBytesFile = "/proc/sys/kernel/keys/root_maxbytes"
rootKeyLimit = 1000000
// it is standard configuration to allocate 25 bytes per key
rootKeyByteMultiplier = 25
)
// ModifyRootKeyLimit checks to see if the root key limit is set to
// at least 1000000 and changes it to that limit along with the maxbytes
// allocated to the keys at a 25 to 1 multiplier.
func ModifyRootKeyLimit() error {
value, err := readRootKeyLimit(rootKeyFile)
if err != nil {
return err
}
if value < rootKeyLimit {
return setRootKeyLimit(rootKeyLimit)
}
return nil
}
func setRootKeyLimit(limit int) error {
keys, err := os.OpenFile(rootKeyFile, os.O_WRONLY, 0)
if err != nil {
return err
}
defer keys.Close()
if _, err := fmt.Fprintf(keys, "%d", limit); err != nil {
return err
}
bytes, err := os.OpenFile(rootBytesFile, os.O_WRONLY, 0)
if err != nil {
return err
}
defer bytes.Close()
_, err = fmt.Fprintf(bytes, "%d", limit*rootKeyByteMultiplier)
return err
}
func readRootKeyLimit(path string) (int, error) {
data, err := ioutil.ReadFile(path)
if err != nil {
return -1, err
}
return strconv.Atoi(strings.Trim(string(data), "\n"))
} |