5d135440fa
Add garbage collection for dead, revoked and expired keys. This involved erasing all links to such keys from keyrings that point to them. At that point, the key will be deleted in the normal manner. Keyrings from which garbage collection occurs are shrunk and their quota consumption reduced as appropriate. Dead keys (for which the key type has been removed) will be garbage collected immediately. Revoked and expired keys will hang around for a number of seconds, as set in /proc/sys/kernel/keys/gc_delay before being automatically removed. The default is 5 minutes. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
70 lines
1.7 KiB
C
70 lines
1.7 KiB
C
/* Key management controls
|
|
*
|
|
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public Licence
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/key.h>
|
|
#include <linux/sysctl.h>
|
|
#include "internal.h"
|
|
|
|
static const int zero, one = 1, max = INT_MAX;
|
|
|
|
ctl_table key_sysctls[] = {
|
|
{
|
|
.ctl_name = CTL_UNNUMBERED,
|
|
.procname = "maxkeys",
|
|
.data = &key_quota_maxkeys,
|
|
.maxlen = sizeof(unsigned),
|
|
.mode = 0644,
|
|
.proc_handler = &proc_dointvec_minmax,
|
|
.extra1 = (void *) &one,
|
|
.extra2 = (void *) &max,
|
|
},
|
|
{
|
|
.ctl_name = CTL_UNNUMBERED,
|
|
.procname = "maxbytes",
|
|
.data = &key_quota_maxbytes,
|
|
.maxlen = sizeof(unsigned),
|
|
.mode = 0644,
|
|
.proc_handler = &proc_dointvec_minmax,
|
|
.extra1 = (void *) &one,
|
|
.extra2 = (void *) &max,
|
|
},
|
|
{
|
|
.ctl_name = CTL_UNNUMBERED,
|
|
.procname = "root_maxkeys",
|
|
.data = &key_quota_root_maxkeys,
|
|
.maxlen = sizeof(unsigned),
|
|
.mode = 0644,
|
|
.proc_handler = &proc_dointvec_minmax,
|
|
.extra1 = (void *) &one,
|
|
.extra2 = (void *) &max,
|
|
},
|
|
{
|
|
.ctl_name = CTL_UNNUMBERED,
|
|
.procname = "root_maxbytes",
|
|
.data = &key_quota_root_maxbytes,
|
|
.maxlen = sizeof(unsigned),
|
|
.mode = 0644,
|
|
.proc_handler = &proc_dointvec_minmax,
|
|
.extra1 = (void *) &one,
|
|
.extra2 = (void *) &max,
|
|
},
|
|
{
|
|
.ctl_name = CTL_UNNUMBERED,
|
|
.procname = "gc_delay",
|
|
.data = &key_gc_delay,
|
|
.maxlen = sizeof(unsigned),
|
|
.mode = 0644,
|
|
.proc_handler = &proc_dointvec_minmax,
|
|
.extra1 = (void *) &zero,
|
|
.extra2 = (void *) &max,
|
|
},
|
|
{ .ctl_name = 0 }
|
|
};
|