From: Andrew Morton <akpm@linux-foundation.org>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@linux-foundation.org, kwc@citi.umich.edu,
arunsr@cse.iitk.ac.in, dwalsh@redhat.com,
linux-security-module@vger.kernel.org, dhowells@redhat.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] KEYS: Make the keyring quotas controllable through /proc/sys
Date: Tue, 18 Mar 2008 17:04:38 -0700 [thread overview]
Message-ID: <20080318170438.e4121982.akpm@linux-foundation.org> (raw)
In-Reply-To: <20080313191442.28959.28152.stgit@warthog.procyon.org.uk>
On Thu, 13 Mar 2008 19:14:42 +0000
David Howells <dhowells@redhat.com> wrote:
> Make the keyring quotas controllable through /proc/sys files:
>
> (*) /proc/sys/kernel/keys/root_maxkeys
> /proc/sys/kernel/keys/root_maxbytes
>
> Maximum number of keys that root may have and the maximum total number of
> bytes of data that root may have stored in those keys.
>
> (*) /proc/sys/kernel/keys/maxkeys
> /proc/sys/kernel/keys/maxbytes
>
> Maximum number of keys that each non-root user may have and the maximum
> total number of bytes of data that each of those users may have stored in
> their keys.
>
> Also increase the quotas as a number of people have been complaining that it's
> not big enough. I'm not sure that it's big enough now either, but on the
> other hand, it can now be set in /etc/sysctl.conf.
>
> ...
>
> include/linux/key.h | 5 +++++
> kernel/sysctl.c | 9 +++++++++
> security/keys/Makefile | 1 +
> security/keys/internal.h | 14 ++++++++++----
> security/keys/key.c | 23 ++++++++++++++++++-----
> security/keys/keyctl.c | 12 +++++++++---
> security/keys/proc.c | 9 ++++++---
> 7 files changed, 58 insertions(+), 15 deletions(-)
>
> ...
>
> --- a/security/keys/Makefile
> +++ b/security/keys/Makefile
> @@ -14,3 +14,4 @@ obj-y := \
>
> obj-$(CONFIG_KEYS_COMPAT) += compat.o
> obj-$(CONFIG_PROC_FS) += proc.o
> +obj-$(CONFIG_SYSCTL) += sysctl.o
Could we please have a copy of sysctl.c? The boring old build system seems
to think it's important.
next prev parent reply other threads:[~2008-03-19 20:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-13 19:14 [PATCH 1/3] KEYS: Allow clients to set key perms in key_create_or_update() David Howells
2008-03-13 19:14 ` [PATCH 2/3] KEYS: Don't generate user and user session keyrings unless they're accessed David Howells
2008-03-13 22:20 ` Andrew Morton
2008-03-14 2:30 ` David Howells
2008-03-13 19:14 ` [PATCH 3/3] KEYS: Make the keyring quotas controllable through /proc/sys David Howells
2008-03-13 22:28 ` Andrew Morton
2008-03-14 2:39 ` David Howells
2008-03-14 11:46 ` David Howells
2008-03-13 22:47 ` Andrew Morton
2008-03-14 2:30 ` David Howells
2008-03-19 0:04 ` Andrew Morton [this message]
2008-03-19 11:19 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080318170438.e4121982.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=arunsr@cse.iitk.ac.in \
--cc=dhowells@redhat.com \
--cc=dwalsh@redhat.com \
--cc=kwc@citi.umich.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox