URL: https://github.com/SSSD/sssd/pull/705
Title: #705: KCM: Add configurable quotas
jhrozek commented:
"""
OK, I'll squash this diff:
```
diff --git a/src/responder/secrets/secsrv.c b/src/responder/secrets/secsrv.c
index b18bbfd19..e783e231d 100644
--- a/src/responder/secrets/secsrv.c
+++ b/src/responder/secrets/secsrv.c
@@ -98,9 +98,6 @@ static int sec_get_config(struct sec_ctx *sctx)
sctx->max_payload_size = 1;
/* Read the global quota first -- this should be removed in a future
release */
- /* Note that this sets the defaults for the sec_config quota to be used
- * in sec_get_hive_config()
- */
ret = sss_sec_get_quota(sctx->rctx->cdb,
sctx->rctx->confdb_service_path,
&dfl_sec_nest_level,
@@ -114,6 +111,16 @@ static int sec_get_config(struct sec_ctx *sctx)
goto fail;
}
+ /* Use the global quota values as defaults for the secrets/secrets section
*/
+ dfl_sec_nest_level.default_value = \
+ sctx->sec_config.quota.containers_nest_level;
+ dfl_sec_max_secrets.default_value = \
+ sctx->sec_config.quota.max_secrets;
+ dfl_sec_max_uid_secrets.default_value = \
+ sctx->sec_config.quota.max_uid_secrets;
+ dfl_sec_max_payload_size.default_value = \
+ sctx->sec_config.quota.max_payload_size;
+
/* Read the per-hive configuration */
ret = sss_sec_get_hive_config(sctx->rctx->cdb,
"secrets",
```
Into "SECRETS: Use different option names from secrets and KCM for quota
options". The previous code never used the (deprecated) quotas from the global
[secrets] question.
(The removed comment also gives a nice hint at what the previous code did)
"""
See the full comment at
https://github.com/SSSD/sssd/pull/705#issuecomment-446359085
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
