struct key *old;
char desc[20];
int code = -EINVAL;
+ int flags;
if (!__key_type_keyring)
return code;
/* create an empty session keyring */
sprintf(desc, "_ses.%u", current->tgid);
+ /* if we're root, don't count the keyring against our quota. This
+ * avoids starvation issues when dealing with PAM modules that always
+ * setpag() as root */
+ if (current_uid() == 0)
+ flags = KEY_ALLOC_NOT_IN_QUOTA;
+ else
+ flags = KEY_ALLOC_IN_QUOTA;
+
keyring = afs_linux_key_alloc(
__key_type_keyring, desc,
current_uid(), current_gid(),
(KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
- KEY_ALLOC_IN_QUOTA);
+ flags);
if (IS_ERR(keyring)) {
code = PTR_ERR(keyring);