* [PATCH 1/2] KEYS: Document making the keyring quotas controllable through /proc/sys
@ 2008-03-14 11:58 David Howells
2008-03-14 11:58 ` [PATCH 2/2] KEYS: Make key_serial() a function if CONFIG_KEYS=y David Howells
0 siblings, 1 reply; 3+ messages in thread
From: David Howells @ 2008-03-14 11:58 UTC (permalink / raw)
To: torvalds, akpm, kwc
Cc: arunsr, dwalsh, linux-security-module, dhowells, linux-kernel
Alter the key management documentation to include information on keyring quota
controls as added in a previous patch.
Signed-off-by: David Howells <dhowells@redhat.com>
---
Documentation/keys.txt | 24 +++++++++++++++++++++++-
1 files changed, 23 insertions(+), 1 deletions(-)
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index be424b0..d5c7a57 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -170,7 +170,8 @@ The key service provides a number of features besides keys:
amount of description and payload space that can be consumed.
The user can view information on this and other statistics through procfs
- files.
+ files. The root user may also alter the quota limits through sysctl files
+ (see the section "New procfs files").
Process-specific and thread-specific keyrings are not counted towards a
user's quota.
@@ -329,6 +330,27 @@ about the status of the key service:
<bytes>/<max> Key size quota
+Four new sysctl files have been added also for the purpose of controlling the
+quota limits on keys:
+
+ (*) /proc/sys/kernel/keys/root_maxkeys
+ /proc/sys/kernel/keys/root_maxbytes
+
+ These files hold the maximum number of keys that root may have and the
+ maximum total number of bytes of data that root may have stored in those
+ keys.
+
+ (*) /proc/sys/kernel/keys/maxkeys
+ /proc/sys/kernel/keys/maxbytes
+
+ These files hold the maximum number of keys that each non-root user may
+ have and the maximum total number of bytes of data that each of those
+ users may have stored in their keys.
+
+Root may alter these by writing each new limit as a decimal number string to
+the appropriate file.
+
+
===============================
USERSPACE SYSTEM CALL INTERFACE
===============================
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH 2/2] KEYS: Make key_serial() a function if CONFIG_KEYS=y
2008-03-14 11:58 [PATCH 1/2] KEYS: Document making the keyring quotas controllable through /proc/sys David Howells
@ 2008-03-14 11:58 ` David Howells
2008-03-14 12:11 ` David Howells
0 siblings, 1 reply; 3+ messages in thread
From: David Howells @ 2008-03-14 11:58 UTC (permalink / raw)
To: torvalds, akpm, kwc
Cc: arunsr, dwalsh, linux-security-module, dhowells, linux-kernel
Make key_serial() an inline function rather than a macro if CONFIG_KEYS=y.
This prevents double evaluation of the key pointer and also provides better
type checking.
Signed-off-by: David Howells <dhowells@redhat.com>
---
0 files changed, 0 insertions(+), 0 deletions(-)
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2] KEYS: Make key_serial() a function if CONFIG_KEYS=y
2008-03-14 11:58 ` [PATCH 2/2] KEYS: Make key_serial() a function if CONFIG_KEYS=y David Howells
@ 2008-03-14 12:11 ` David Howells
0 siblings, 0 replies; 3+ messages in thread
From: David Howells @ 2008-03-14 12:11 UTC (permalink / raw)
Cc: dhowells, torvalds, akpm, kwc, arunsr, dwalsh,
linux-security-module, linux-kernel
David Howells <dhowells@redhat.com> wrote:
> 0 files changed, 0 insertions(+), 0 deletions(-)
Oops. I really should commit the patch first.
David
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-03-14 12:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-03-14 11:58 [PATCH 1/2] KEYS: Document making the keyring quotas controllable through /proc/sys David Howells
2008-03-14 11:58 ` [PATCH 2/2] KEYS: Make key_serial() a function if CONFIG_KEYS=y David Howells
2008-03-14 12:11 ` David Howells
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox