From a3812f211a56c0d6e0a7ff8a97f157707d3d8c28 Mon Sep 17 00:00:00 2001 From: Marc Dionne Date: Tue, 26 Jan 2010 19:48:24 -0500 Subject: [PATCH] Linux: don't count pag keys against root's keyring quotas Keys associated with PAGs are created with root ownership for security reasons, which means that they count agains root's keyring quotas. The default configuration used by most distros restricts root to the same quotas as a regular user, so a single user can potentially fill up the quota and prevent new pags from getting created system-wide. This can also be an issue for busy multi-user systems where the default maximum number of keys (200 currently) can easily be reached. Change-Id: I37e3f3d881facff9b14f2057b404d4b441e72305 Change-Id: Id1ef2d5a7109d8ee7c08aa81dfd98ecf951c8ba8 Reviewed-on: http://gerrit.openafs.org/1167 Reviewed-by: Marc Dionne Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/afs/LINUX/osi_compat.h | 8 ++++++++ src/afs/LINUX/osi_groups.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/afs/LINUX/osi_compat.h b/src/afs/LINUX/osi_compat.h index 866d3fc57..5e5205695 100644 --- a/src/afs/LINUX/osi_compat.h +++ b/src/afs/LINUX/osi_compat.h @@ -194,4 +194,12 @@ afs_linux_cred_is_current(afs_ucred_t *cred) } #endif +#ifdef LINUX_KEYRING_SUPPORT +# ifndef KEY_ALLOC_NOT_IN_QUOTA +# define KEY_ALLOC_NOT_IN_QUOTA 1 +# endif +# ifndef KEY_ALLOC_IN_QUOTA +# define KEY_ALLOC_IN_QUOTA 0 +# endif +#endif #endif diff --git a/src/afs/LINUX/osi_groups.c b/src/afs/LINUX/osi_groups.c index 835e1e212..b1fc848fb 100644 --- a/src/afs/LINUX/osi_groups.c +++ b/src/afs/LINUX/osi_groups.c @@ -236,7 +236,7 @@ setpag(cred_t **cr, afs_uint32 pagvalue, afs_uint32 *newpag, perm = KEY_POS_VIEW | KEY_POS_SEARCH; perm |= KEY_USR_VIEW | KEY_USR_SEARCH; - key = afs_linux_key_alloc(&key_type_afs_pag, "_pag", 0, 0, perm, 1); + key = afs_linux_key_alloc(&key_type_afs_pag, "_pag", 0, 0, perm, KEY_ALLOC_NOT_IN_QUOTA); if (!IS_ERR(key)) { key_instantiate_and_link(key, (void *) newpag, sizeof(afs_uint32), -- 2.39.5