ecryptfs.vger.kernel.org archive mirror
* Max 26 concurrent ecryptfs mounts?
@ 2016-03-21 21:20 Joe Lauer
  2016-04-10 11:59 ` James Muir
From: Joe Lauer @ 2016-03-21 21:20 UTC (permalink / raw)
  To: ecryptfs

Hi ecryptfs community,

We're trying to use ecryptfs to create a large number of uniquely
encrypted directories.  We really like the idea that these are
overlaid on the existing filesystem and can all have different
encryption keys assigned.  So I'm hoping we can make ecryptfs work.

It appears that we can create 26 directories (which also means 26
different mounts), but then we get an exit value of 134 from
mount.ecryptfs on the 27th user.  Here is the exact error message:

Error attempting to evaluate mount options: [-122] Disk quota exceeded
Check your system logs for details on why this happened.
Try updating your ecryptfs-utils package, and/or
submit a bug report on https://bugs.launchpad.net/ecryptfs

My theory is that since we mount everything using "sudo" and thus as
root, that it's reusing the same keyring and maybe is hitting the 32K
limit on kernel keyrings.

So my questions:

1) Is my theory correct?

2) Are there any workarounds?  Any magic kernel settings I can tune to
allow for more?  Or can we actually mount a directory under a
different account than root so that a new keyring is used as opposed
to root.

Thx.


* Re: Max 26 concurrent ecryptfs mounts?
  2016-03-21 21:20 Max 26 concurrent ecryptfs mounts? Joe Lauer
@ 2016-04-10 11:59 ` James Muir
From: James Muir @ 2016-04-10 11:59 UTC (permalink / raw)
  To: Joe Lauer, ecryptfs

On 16-03-21 05:20 PM, Joe Lauer wrote:
> 2) Are there any workarounds?  Any magic kernel settings I can tune to
> allow for more?  Or can we actually mount a directory under a
> different account than root so that a new keyring is used as opposed
> to root.

You can increase the quota by writing to certain proc files.  It is 
documented in the kernel source:  Documentation/security/keys.txt

quoting:

> Four new sysctl files have been added also for the purpose of controlling the
> quota limits on keys:
>
>  (*) /proc/sys/kernel/keys/root_maxkeys
>      /proc/sys/kernel/keys/root_maxbytes
>
>      These files hold the maximum number of keys that root may have and the
>      maximum total number of bytes of data that root may have stored in those
>      keys.
>
>  (*) /proc/sys/kernel/keys/maxkeys
>      /proc/sys/kernel/keys/maxbytes
>
>      These files hold the maximum number of keys that each non-root user may
>      have and the maximum total number of bytes of data that each of those
>      users may have stored in their keys.
>
> Root may alter these by writing each new limit as a decimal number string to
> the appropriate file.

-James M
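
As an added example (not part of either message in this thread): a shell helper that reads text in the /proc/key-users layout, which is described in the same kernel document, and reports which UIDs are close to their key-count or byte quota, so it is clear which of the four limits quoted above is the one being hit. The function names, the 90% threshold and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag UIDs whose kernel key quota is nearly used up.
# Input is text in the /proc/key-users layout:
#   <UID>: <usage> <inst>/<keys> <keys>/<max> <bytes>/<max>

# key_quota_report THRESHOLD_PERCENT < key-users-text
# Prints one line per UID at or above the threshold for either quota:
#   uid=<UID> keys=<n>/<max> bytes=<n>/<max> over=<keys|bytes|keys,bytes>
key_quota_report() {
    awk -v pct="${1:-90}" '
        NF >= 5 {
            uid = $1; sub(/:$/, "", uid)
            split($4, k, "/"); split($5, b, "/")
            # Skip malformed lines and zero limits (avoids dividing by zero)
            if (k[2] + 0 <= 0 || b[2] + 0 <= 0) next
            over = ""
            if (k[1] * 100 >= pct * k[2]) over = "keys"
            if (b[1] * 100 >= pct * b[2])
                over = (over == "") ? "bytes" : (over ",bytes")
            if (over != "")
                printf "uid=%s keys=%s bytes=%s over=%s\n", uid, $4, $5, over
        }'
}

# show_key_limits: print the four quota sysctls named in the quoted
# documentation, skipping any that are not readable on this system.
show_key_limits() {
    for f in root_maxkeys root_maxbytes maxkeys maxbytes; do
        [ -r "/proc/sys/kernel/keys/$f" ] &&
            printf '%s=%s\n' "$f" "$(cat "/proc/sys/kernel/keys/$f")"
    done
    return 0
}

# Constructed sample (not captured from a real system): UID 0 is almost
# out of bytes, UID 1001 is out of keys, UID 1000 is well within both.
SAMPLE_KEY_USERS='    0:    60 58/58 58/200 19980/20000
 1000:     4 4/4 4/200 120/20000
 1001:   201 200/200 200/200 9000/20000'

# Live use on a Linux host:
#   show_key_limits
#   key_quota_report 90 < /proc/key-users
```

A UID reported with `over=bytes` points at the `*_maxbytes` file, and one reported with `over=keys` points at the `*_maxkeys` file.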
