author | Steve Langasek <vorlon@debian.org> | 2009-03-02 01:16:58 -0800 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 17:27:14 -0800 |
commit | 7a50d08c6e1fa25a1eaa9f43bdd7f3daf63fba84 (patch) | |
tree | 71b7226460a8c5cfab9141778f8eb31ffd5d540d | |
parent | 03da1f8ff61ee98501a479b906508a525d374dcf (diff) | |
download | pam-7a50d08c6e1fa25a1eaa9f43bdd7f3daf63fba84.tar.gz pam-7a50d08c6e1fa25a1eaa9f43bdd7f3daf63fba84.tar.bz2 pam-7a50d08c6e1fa25a1eaa9f43bdd7f3daf63fba84.zip |
027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY may or may
not be invalid for RLIMIT_NOFILE, but we don't want to set a hard limit
of 1024 by default; try to set this limit to the value of
/proc/sys/fs/nr_open if we can, or fall back to RLIM_INFINITY.
Closes: #515673, LP: #327597.
-rw-r--r-- | debian/changelog | 10 | ||||
-rw-r--r-- | debian/patches-applied/027_pam_limits_better_init_allow_explicit_root | 47 |
2 files changed, 48 insertions, 9 deletions
diff --git a/debian/changelog b/debian/changelog index 7ba1b34e..4e6a1702 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +pam (1.0.1-7) UNRELEASED; urgency=low + + * 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY may or may + not be invalid for RLIMIT_NOFILE, but we don't want to set a hard limit + of 1024 by default; try to set this limit to the value of + /proc/sys/fs/nr_open if we can, or fall back to RLIM_INFINITY. + Closes: #515673, LP: #327597. + + -- Steve Langasek <vorlon@debian.org> Mon, 02 Mar 2009 01:07:43 -0800 + pam (1.0.1-6) unstable; urgency=low * Updated debconf translations: diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root index f89bd256..f12ead7c 100644 --- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root +++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root @@ -4,7 +4,18 @@ Index: pam.deb/modules/pam_limits/pam_limits.c =================================================================== --- pam.deb.orig/modules/pam_limits/pam_limits.c +++ pam.deb/modules/pam_limits/pam_limits.c -@@ -74,6 +74,7 @@ +@@ -55,6 +55,10 @@ + #define LIMITS_DEF_DEFAULT 4 /* limit was set by an default entry */ + #define LIMITS_DEF_NONE 5 /* this limit was not set yet */ + ++/* file in /proc on Linux that we read to get the total number of open ++ files allowed on the system */ ++#define NR_OPEN_FILES "/proc/sys/fs/nr_open" ++ + static const char *limits_def_names[] = { + "USER", + "GROUP", +@@ -74,6 +78,7 @@ /* internal data */ struct pam_limit_s { 
@@ -12,15 +23,33 @@ Index: pam.deb/modules/pam_limits/pam_limits.c int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a -@@ -231,6 +232,7 @@ +@@ -228,9 +233,25 @@ + { + int i; + int retval = PAM_SUCCESS; ++ static rlim_t nofiles_max = RLIM_INFINITY; ++ static int nofiles_init = 0; D(("called.")); ++ if (nofiles_init == 0) { ++ FILE *nr_open; ++ unsigned long long ull_nofiles = 0; ++ ++ nofiles_init = 1; ++ nr_open = fopen(NR_OPEN_FILES, "r"); ++ if (nr_open != NULL) { ++ if (fscanf(nr_open, "%Lu", &ull_nofiles) == 1) ++ nofiles_max = ull_nofiles; ++ fclose(nr_open); ++ } ++ } ++ + pl->root = 0; for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { -@@ -242,6 +244,41 @@ +@@ -242,6 +263,41 @@ pl->limits[i].supported = 1; pl->limits[i].src_soft = LIMITS_DEF_NONE; pl->limits[i].src_hard = LIMITS_DEF_NONE; @@ -56,13 +85,13 @@ Index: pam.deb/modules/pam_limits/pam_limits.c + break; + case RLIMIT_NOFILE: + pl->limits[i].limit.rlim_cur = 1024; -+ pl->limits[i].limit.rlim_max = 1024; ++ pl->limits[i].limit.rlim_max = nofiles_max; + break; + } } } -@@ -524,7 +561,7 @@ +@@ -524,7 +580,7 @@ if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); @@ -71,7 +100,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -533,7 +570,7 @@ +@@ -533,7 +589,7 @@ if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); @@ -80,7 +109,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -547,7 +584,7 @@ +@@ -547,7 +603,7 @@ process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); } 
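Review bot: The added `fscanf(nr_open, "%Lu", &ull_nofiles)` uses the `L` length modifier, which ISO C defines only for `long double` conversions; glibc treats it as `ll`, but `"%llu"` is the portable spelling for an `unsigned long long` target. The parsed value is then copied into `nofiles_max` unchecked, so a read of 0, or a value that does not fit in `rlim_t`, would become the default hard RLIMIT_NOFILE; a guard such as `if (fscanf(nr_open, "%llu", &ull_nofiles) == 1 && ull_nofiles > 0)` keeps the RLIM_INFINITY fallback for the zero case. `nofiles_init` is set to 1 before the file is read and neither static is synchronised, so if the module is ever entered from two threads at once the second could presumably use RLIM_INFINITY while the first is still reading. A comment on the statics stating the single-threaded assumption would make that explicit. The enclosing function starts above this hunk.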
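Review bot: In the `RLIMIT_NOFILE` case the soft limit stays at the literal 1024 while the hard limit now comes from `nofiles_max`, so on a system where /proc/sys/fs/nr_open has been tuned below 1024 the pair would have `rlim_cur > rlim_max`, which setrlimit() rejects with EINVAL. How that failure is handled lies outside this hunk, but it plausibly ends with the session being refused. Clamping the soft value, for example `pl->limits[i].limit.rlim_cur = nofiles_max < 1024 ? nofiles_max : 1024;`, avoids that. A short comment that the default hard limit is now the system-wide nr_open value rather than 1024 would also tell administrators that a tighter per-session descriptor cap has to come from limits.conf.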
@@ -89,7 +118,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); } else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */ -@@ -582,6 +619,12 @@ +@@ -582,6 +638,12 @@ int status; int retval = LIMITED_OK; @@ -102,7 +131,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) { if (!pl->limits[i].supported) { /* skip it if its not known to the system */ -@@ -675,6 +718,8 @@ +@@ -675,6 +737,8 @@ return PAM_ABORT; } |