From c4537f0442ac7ecbf8c946de45004992e17d535f Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Wed, 17 Mar 2010 11:56:12 +0000
Subject: [PATCH] Don't count root session keyrings against quota
AFS PAM modules can call setpag() as root, regardless of the UID being authenticated. This leads to the session keyring being created using roots quota - on some systems (RHEL5) this quota is both small, and of a fixed size. Modify our keyring allocation code so that when a keyring is created by root, we don't do any quota checks.
Change-Id: I2ee151ec1166a78475047bffd2c1d31f45e8dbdf
Reported-by: Rainer Toebbicke
Reviewed-on: http://gerrit.openafs.org/1577
Tested-by: Rainer Toebbicke
Reviewed-by: Derrick Brashear
---
 src/afs/LINUX/osi_groups.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/afs/LINUX/osi_groups.c b/src/afs/LINUX/osi_groups.c
index dfe2dcafed..3e73072060 100644
--- a/src/afs/LINUX/osi_groups.c
+++ b/src/afs/LINUX/osi_groups.c
@@ -174,6 +174,7 @@ install_session_keyring(struct key *keyring)
 struct key *old;
 char desc[20];
 int code = -EINVAL;
+ int flags;
 if (!__key_type_keyring) return code;
@@ -183,11 +184,19 @@ install_session_keyring(struct key *keyring)
 /* create an empty session keyring */
 sprintf(desc, "_ses.%u", current->tgid);
+ /* if we're root, don't count the keyring against our quota. This
+ * avoids starvation issues when dealing with PAM modules that always
+ * setpag() as root */
+ if (current_uid() == 0)
+ flags = KEY_ALLOC_NOT_IN_QUOTA;
+ else
+ flags = KEY_ALLOC_IN_QUOTA;
+
 keyring = afs_linux_key_alloc( __key_type_keyring, desc, current_uid(), current_gid(), (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
- KEY_ALLOC_IN_QUOTA);
+ flags);
 if (IS_ERR(keyring)) {
 code = PTR_ERR(keyring);
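Review bot: `flags` is declared without an initialiser in the first hunk and only receives a value from the if/else added in the second hunk. Initialising it to the quota-charged value at the declaration, `int flags = KEY_ALLOC_IN_QUOTA;`, would make charging the quota the default and leave the uid-0 exemption as the single explicit override, so a later edit to that branch cannot leave the variable unset or the keyring silently unaccounted. The kernel's key_alloc() takes its flags as `unsigned long`; if afs_linux_key_alloc passes the value straight through (not visible here), declaring the variable with that type would match. The body of install_session_keyring starts and ends outside this hunk.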