171 lines
6.4 KiB
Diff
171 lines
6.4 KiB
Diff
Index: Linux-PAM-1.3.0/modules/pam_limits/pam_limits.c
|
|
===================================================================
|
|
--- Linux-PAM-1.3.0.orig/modules/pam_limits/pam_limits.c
|
|
+++ Linux-PAM-1.3.0/modules/pam_limits/pam_limits.c
|
|
@@ -487,6 +487,55 @@ static int init_limits(pam_handle_t *pam
|
|
return retval;
|
|
}
|
|
|
|
+/*
|
|
+ * Read the contents of /proc/sys/fs/<name>
|
|
+ * return 1 if conversion succeeds, result is in *valuep
|
|
+ * return 0 if conversion fails.
|
|
+ */
|
|
+static int
|
|
+value_from_proc_sys_fs(const char *name, rlim_t *valuep)
|
|
+{
|
|
+ char pathname[128];
|
|
+ char buf[128];
|
|
+ FILE *fp;
|
|
+ int retval;
|
|
+
|
|
+ retval = 0;
|
|
+
|
|
+ snprintf(pathname, sizeof(pathname), "/proc/sys/fs/%s", name);
|
|
+
|
|
+ if ((fp = fopen(pathname, "r")) != NULL) {
|
|
+ if (fgets(buf, sizeof(buf), fp) != NULL) {
|
|
+ char *endptr;
|
|
+
|
|
+#ifdef __USE_FILE_OFFSET64
|
|
+ *valuep = strtoull(buf, &endptr, 10);
|
|
+#else
|
|
+ *valuep = strtoul(buf, &endptr, 10);
|
|
+#endif
|
|
+
|
|
+ retval = (endptr != buf);
|
|
+ }
|
|
+
|
|
+ fclose(fp);
|
|
+ }
|
|
+
|
|
+ return retval;
|
|
+}
|
|
+
|
|
+/*
|
|
+ * Check if the string passed as the argument corresponds to
|
|
+ * "unlimited"
|
|
+ */
|
|
+static inline int
|
|
+is_unlimited(const char *lim_value)
|
|
+{
|
|
+ return strcmp(lim_value, "-1") == 0
|
|
+ || strcmp(lim_value, "-") == 0
|
|
+ || strcmp(lim_value, "unlimited") == 0
|
|
+ || strcmp(lim_value, "infinity") == 0;
|
|
+}
|
|
+
|
|
static void
|
|
process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
|
|
const char *lim_item, const char *lim_value,
|
|
@@ -569,13 +618,12 @@ process_limit (const pam_handle_t *pamh,
|
|
pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type);
|
|
return;
|
|
}
|
|
+
|
|
if (limit_item != LIMIT_PRI
|
|
#ifdef RLIMIT_NICE
|
|
&& limit_item != RLIMIT_NICE
|
|
#endif
|
|
- && (strcmp(lim_value, "-1") == 0
|
|
- || strcmp(lim_value, "-") == 0 || strcmp(lim_value, "unlimited") == 0
|
|
- || strcmp(lim_value, "infinity") == 0)) {
|
|
+ && is_unlimited(lim_value)) {
|
|
int_value = -1;
|
|
rlimit_value = RLIM_INFINITY;
|
|
} else if (limit_item == LIMIT_PRI || limit_item == LIMIT_LOGIN ||
|
|
@@ -591,7 +639,7 @@ process_limit (const pam_handle_t *pamh,
|
|
pam_syslog(pamh, LOG_DEBUG,
|
|
"wrong limit value '%s' for limit type '%s'",
|
|
lim_value, lim_type);
|
|
- return;
|
|
+ return;
|
|
}
|
|
} else {
|
|
#ifdef __USE_FILE_OFFSET64
|
|
@@ -652,6 +700,19 @@ process_limit (const pam_handle_t *pamh,
|
|
rlimit_value = 20 - int_value;
|
|
break;
|
|
#endif
|
|
+ case RLIMIT_NOFILE:
|
|
+ /*
|
|
+ * If nofile is to be set to "unlimited", try to set it to
|
|
+ * the value in /proc/sys/fs/nr_open instead.
|
|
+ */
|
|
+ if (rlimit_value == RLIM_INFINITY) {
|
|
+ if (!value_from_proc_sys_fs("nr_open", &rlimit_value))
|
|
+ pam_syslog(pamh, LOG_DEBUG,
|
|
+ "Cannot set \"nofile\" to a sensible value");
|
|
+ else
|
|
+ pam_syslog(pamh, LOG_WARNING, "Setting \"nofile\" limit to %lu", (long unsigned) rlimit_value);
|
|
+ }
|
|
+ break;
|
|
}
|
|
|
|
if ( (limit_item != LIMIT_LOGIN)
|
|
Index: Linux-PAM-1.3.0/doc/sag/Linux-PAM_SAG.txt
|
|
===================================================================
|
|
--- Linux-PAM-1.3.0.orig/doc/sag/Linux-PAM_SAG.txt
|
|
+++ Linux-PAM-1.3.0/doc/sag/Linux-PAM_SAG.txt
|
|
@@ -2408,7 +2408,10 @@ The fields listed above should be filled
|
|
2.6.12 and higher)
|
|
|
|
All items support the values -1, unlimited or infinity indicating no limit,
|
|
-except for priority and nice.
|
|
+except for priority, and nice.
|
|
+
|
|
+If nofile is to be set to one of these values,
|
|
+it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)).
|
|
|
|
If a hard limit or soft limit of a resource is set to a valid value, but
|
|
outside of the supported range of the local system, the system may reject the
|
|
Index: Linux-PAM-1.3.0/doc/sag/html/sag-pam_limits.html
|
|
===================================================================
|
|
--- Linux-PAM-1.3.0.orig/doc/sag/html/sag-pam_limits.html
|
|
+++ Linux-PAM-1.3.0/doc/sag/html/sag-pam_limits.html
|
|
@@ -102,6 +102,9 @@
|
|
All items support the values <span class="emphasis"><em>-1</em></span>,
|
|
<span class="emphasis"><em>unlimited</em></span> or <span class="emphasis"><em>infinity</em></span> indicating no limit,
|
|
except for <span class="emphasis"><em>priority</em></span> and <span class="emphasis"><em>nice</em></span>.
|
|
+ If <span class="emphasis"><em>nofile</em></span> is to be set to one of these values,
|
|
+ it will be set to the contents of <em class="replaceable"><code>/proc/sys/fs/nr_open</code></em> instead
|
|
+ (see <span class="citerefentry"><span class="refentrytitle">setrlimit</span>(3)</span>).
|
|
</p><p>
|
|
If a hard limit or soft limit of a resource is set to a valid value,
|
|
but outside of the supported range of the local system, the system
|
|
Index: Linux-PAM-1.3.0/modules/pam_limits/limits.conf.5
|
|
===================================================================
|
|
--- Linux-PAM-1.3.0.orig/modules/pam_limits/limits.conf.5
|
|
+++ Linux-PAM-1.3.0/modules/pam_limits/limits.conf.5
|
|
@@ -282,6 +282,8 @@ indicating no limit, except for
|
|
\fBpriority\fR
|
|
and
|
|
\fBnice\fR\&.
|
|
+If \fBnofile\fP is to be set to one of these values,
|
|
+it will be set to the contents of \fI/proc/sys/fs/nr_open\fP instead (see \fBsetrlimit\fP(3))\&.
|
|
.PP
|
|
If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value
|
|
\fIrequired\fR
|
|
@@ -331,7 +333,8 @@ ftp hard nproc
|
|
\fBpam_limits\fR(8),
|
|
\fBpam.d\fR(5),
|
|
\fBpam\fR(8),
|
|
-\fBgetrlimit\fR(2)\fBgetrlimit\fR(3p)
|
|
+\fBgetrlimit\fR(2),
|
|
+\fBgetrlimit\fR(3p)
|
|
.SH "AUTHOR"
|
|
.PP
|
|
pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
|
|
Index: Linux-PAM-1.3.0/modules/pam_limits/limits.conf.5.xml
|
|
===================================================================
|
|
--- Linux-PAM-1.3.0.orig/modules/pam_limits/limits.conf.5.xml
|
|
+++ Linux-PAM-1.3.0/modules/pam_limits/limits.conf.5.xml
|
|
@@ -275,6 +275,8 @@
|
|
All items support the values <emphasis>-1</emphasis>,
|
|
<emphasis>unlimited</emphasis> or <emphasis>infinity</emphasis> indicating no limit,
|
|
except for <emphasis remap='B'>priority</emphasis> and <emphasis remap='B'>nice</emphasis>.
|
|
+ If <emphasis remap='B'>nofile</emphasis> is to be set to one of these values,
|
|
+ it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)).
|
|
</para>
|
|
<para>
|
|
If a hard limit or soft limit of a resource is set to a valid value,
|