X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=Documentation%2Fkeys.txt;h=b56aacc1fff864022dbdf67aac997d54f0d14f32;hb=b583f26d510ee1aef7348f38f1d959212f66b5e5;hp=be424b02437ddf975bc7d97512e05950d6083915;hpb=70a5bb72b55e82fbfbf1e22cae6975fac58a1e2d;p=safe%2Fjmp%2Flinux-2.6 diff --git a/Documentation/keys.txt b/Documentation/keys.txt index be424b0..b56aacc 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt @@ -170,7 +170,8 @@ The key service provides a number of features besides keys: amount of description and payload space that can be consumed. The user can view information on this and other statistics through procfs - files. + files. The root user may also alter the quota limits through sysctl files + (see the section "New procfs files"). Process-specific and thread-specific keyrings are not counted towards a user's quota. @@ -329,6 +330,27 @@ about the status of the key service: / Key size quota +Four new sysctl files have been added also for the purpose of controlling the +quota limits on keys: + + (*) /proc/sys/kernel/keys/root_maxkeys + /proc/sys/kernel/keys/root_maxbytes + + These files hold the maximum number of keys that root may have and the + maximum total number of bytes of data that root may have stored in those + keys. + + (*) /proc/sys/kernel/keys/maxkeys + /proc/sys/kernel/keys/maxbytes + + These files hold the maximum number of keys that each non-root user may + have and the maximum total number of bytes of data that each of those + users may have stored in their keys. + +Root may alter these by writing each new limit as a decimal number string to +the appropriate file. + + =============================== USERSPACE SYSTEM CALL INTERFACE =============================== @@ -842,7 +864,7 @@ payload contents" for more information. request_key_with_auxdata() respectively. These two functions return with the key potentially still under - construction. To wait for contruction completion, the following should be + construction. To wait for construction completion, the following should be called: int wait_for_key_construction(struct key *key, bool intr);