Diffstat (limited to 'patches-applied/008_modules_pam_limits_chroot')
-rw-r--r--patches-applied/008_modules_pam_limits_chroot346
1 files changed, 0 insertions, 346 deletions
diff --git a/patches-applied/008_modules_pam_limits_chroot b/patches-applied/008_modules_pam_limits_chroot
deleted file mode 100644
index b00ba90f..00000000
--- a/patches-applied/008_modules_pam_limits_chroot
+++ /dev/null
@@ -1,346 +0,0 @@
-Index: Linux-PAM/modules/pam_limits/pam_limits.c
-===================================================================
---- Linux-PAM/modules/pam_limits/pam_limits.c.orig
-+++ Linux-PAM/modules/pam_limits/pam_limits.c
-@@ -74,6 +74,7 @@
- int flag_numsyslogins; /* whether to limit logins only for a
- specific user or to count all logins */
- int priority; /* the priority to run user process with */
-+ char chroot_dir[8092]; /* directory to chroot into */
- struct user_limits_struct limits[RLIM_NLIMITS];
- char conf_file[BUFSIZ];
- int utmp_after_pam_call;
-@@ -84,6 +85,7 @@
- #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2
-
- #define LIMIT_PRI RLIM_NLIMITS+3
-+#define LIMIT_CHROOT RLIM_NLIMITS+4
-
- #define LIMIT_SOFT 1
- #define LIMIT_HARD 2
-@@ -238,6 +240,8 @@
- pl->login_limit = -2;
- pl->login_limit_def = LIMITS_DEF_NONE;
-
-+ pl->chroot_dir[0] = '\0';
-+
- return retval;
- }
-
-@@ -306,6 +310,8 @@
- pl->flag_numsyslogins = 1;
- } else if (strcmp(lim_item, "priority") == 0) {
- limit_item = LIMIT_PRI;
-+ } else if (strcmp(lim_item, "chroot") == 0) {
-+ limit_item = LIMIT_CHROOT;
- } else {
- pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
- return;
-@@ -343,9 +349,9 @@
- pam_syslog(pamh, LOG_DEBUG,
- "wrong limit value '%s' for limit type '%s'",
- lim_value, lim_type);
-- return;
-+ return;
- }
-- } else {
-+ } else if (limit_item != LIMIT_CHROOT) {
- #ifdef __USE_FILE_OFFSET64
- rlimit_value = strtoull (lim_value, &endptr, 10);
- #else
-@@ -392,7 +398,9 @@
- break;
- }
-
-- if ( (limit_item != LIMIT_LOGIN)
-+ if (limit_item == LIMIT_CHROOT)
-+ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir));
-+ else if ( (limit_item != LIMIT_LOGIN)
- && (limit_item != LIMIT_NUMSYSLOGINS)
- && (limit_item != LIMIT_PRI) ) {
- if (limit_type & LIMIT_SOFT) {
-@@ -590,6 +598,13 @@
- retval |= LOGIN_ERR;
- }
-
-+ if (!retval && pl->chroot_dir[0]) {
-+ i = chdir(pl->chroot_dir);
-+ if (i == 0)
-+ i = chroot(pl->chroot_dir);
-+ if (i != 0)
-+ retval = LIMIT_ERR;
-+ }
- return retval;
- }
-
-Index: Linux-PAM/modules/pam_limits/limits.conf.5.xml
-===================================================================
---- Linux-PAM/modules/pam_limits/limits.conf.5.xml.orig
-+++ Linux-PAM/modules/pam_limits/limits.conf.5.xml
-@@ -223,6 +223,12 @@
- (Linux 2.6.12 and higher)</para>
- </listitem>
- </varlistentry>
-+ <varlistentry>
-+ <term><option>chroot</option></term>
-+ <listitem>
-+ <para>the directory to chroot the user to</para>
-+ </listitem>
-+ </varlistentry>
- </variablelist>
- </listitem>
- </varlistentry>
-Index: Linux-PAM/modules/pam_limits/limits.conf.5
-===================================================================
---- Linux-PAM/modules/pam_limits/limits.conf.5.orig
-+++ Linux-PAM/modules/pam_limits/limits.conf.5
-@@ -1,11 +1,11 @@
- .\" Title: limits.conf
- .\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
--.\" Date: 06/22/2006
--.\" Manual: Linux\-PAM Manual
--.\" Source: Linux\-PAM Manual
-+.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/>
-+.\" Date: 08/19/2007
-+.\" Manual: Linux-PAM Manual
-+.\" Source: Linux-PAM Manual
- .\"
--.TH "LIMITS.CONF" "5" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-+.TH "LIMITS.CONF" "5" "08/19/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
- .\" disable hyphenation
- .nh
- .\" disable justification (adjust text to left margin only)
-@@ -23,38 +23,45 @@
- \fI<value>\fR
- .PP
- The fields listed above should be filled as follows:
--.TP 3n
-+.PP
- \fB<domain>\fR
--.RS 3n
--.TP 3n
--\(bu
--a username
--.TP 3n
--\(bu
--a groupname, with
-+.RS 4
-+.sp
-+.RS 4
-+\h'-04'\(bu\h'+03'a username
-+.RE
-+.sp
-+.RS 4
-+\h'-04'\(bu\h'+03'a groupname, with
- \fB@group\fR
- syntax. This should not be confused with netgroups.
--.TP 3n
--\(bu
--the wildcard
-+.RE
-+.sp
-+.RS 4
-+\h'-04'\(bu\h'+03'the wildcard
- \fB*\fR, for default entry.
--.TP 3n
--\(bu
--the wildcard
-+.RE
-+.sp
-+.RS 4
-+\h'-04'\(bu\h'+03'the wildcard
- \fB%\fR, for maxlogins limit only, can also be used with
- \fI%group\fR
- syntax.
- .RE
--.TP 3n
-+.RE
-+.PP
- \fB<type>\fR
--.RS 3n
--.TP 3n
-+.RS 4
-+.PP
- \fBhard\fR
-+.RS 4
- for enforcing
- \fBhard\fR
- resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values.
--.TP 3n
-+.RE
-+.PP
- \fBsoft\fR
-+.RS 4
- for enforcing
- \fBsoft\fR
- resource limits. These limits are ones that the user can move up or down within the permitted range by any pre\-exisiting
-@@ -62,8 +69,10 @@
- limits. The values specified with this token can be thought of as
- \fIdefault\fR
- values, for normal system usage.
--.TP 3n
-+.RE
-+.PP
- \fB\-\fR
-+.RS 4
- for enforcing both
- \fBsoft\fR
- and
-@@ -72,65 +81,107 @@
- .sp
- Note, if you specify a type of '\-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. .
- .RE
--.TP 3n
-+.RE
-+.PP
- \fB<item>\fR
--.RS 3n
--.TP 3n
-+.RS 4
-+.PP
- \fBcore\fR
-+.RS 4
- limits the core file size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBdata\fR
-+.RS 4
- maximum data size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBfsize\fR
-+.RS 4
- maximum filesize (KB)
--.TP 3n
-+.RE
-+.PP
- \fBmemlock\fR
-+.RS 4
- maximum locked\-in\-memory address space (KB)
--.TP 3n
-+.RE
-+.PP
- \fBnofile\fR
-+.RS 4
- maximum number of open files
--.TP 3n
-+.RE
-+.PP
- \fBrss\fR
-+.RS 4
- maximum resident set size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBstack\fR
-+.RS 4
- maximum stack size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBcpu\fR
-+.RS 4
- maximum CPU time (minutes)
--.TP 3n
-+.RE
-+.PP
- \fBnproc\fR
-+.RS 4
- maximum number of processes
--.TP 3n
-+.RE
-+.PP
- \fBas\fR
-+.RS 4
- address space limit
--.TP 3n
-+.RE
-+.PP
- \fBmaxlogins\fR
-+.RS 4
- maximum number of logins for this user
--.TP 3n
-+.RE
-+.PP
- \fBmaxsyslogins\fR
-+.RS 4
- maximum number of logins on system
--.TP 3n
-+.RE
-+.PP
- \fBpriority\fR
-+.RS 4
- the priority to run user process with (negative values boost process priority)
--.TP 3n
-+.RE
-+.PP
- \fBlocks\fR
-+.RS 4
- maximum locked files (Linux 2.4 and higher)
--.TP 3n
-+.RE
-+.PP
- \fBsigpending\fR
-+.RS 4
- maximum number of pending signals (Linux 2.6 and higher)
--.TP 3n
-+.RE
-+.PP
- \fBmsqqueue\fR
-+.RS 4
- maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher)
--.TP 3n
-+.RE
-+.PP
- \fBnice\fR
-+.RS 4
- maximum nice priority allowed to raise to (Linux 2.6.12 and higher)
--.TP 3n
-+.RE
-+.PP
- \fBrtprio\fR
-+.RS 4
- maximum realtime priority allowed for non\-privileged processes (Linux 2.6.12 and higher)
- .RE
- .PP
-+\fBchroot\fR
-+.RS 4
-+the directory to chroot the user to
-+.RE
-+.RE
-+.PP
- In general, individual limits have priority over group limits, so if you impose no limits for
- \fIadmin\fR
- group, but one of the members in this group have a limits line, the user will have its limits set according to this line.
-@@ -149,7 +200,7 @@
- These are some example lines which might be specified in
- \fI/etc/security/limits.conf\fR.
- .sp
--.RS 3n
-+.RS 4
- .nf
- * soft core 0
- * hard rss 10000
-Index: Linux-PAM/modules/pam_limits/limits.conf
-===================================================================
---- Linux-PAM/modules/pam_limits/limits.conf.orig
-+++ Linux-PAM/modules/pam_limits/limits.conf
-@@ -35,6 +35,7 @@
- # - msgqueue - max memory used by POSIX message queues (bytes)
- # - nice - max nice priority allowed to raise to
- # - rtprio - max realtime priority
-+# - chroot - change root to directory (Debian-specific)
- #
- #<domain> <type> <item> <value>
- #
-@@ -45,6 +46,7 @@
- #@faculty soft nproc 20
- #@faculty hard nproc 50
- #ftp hard nproc 0
-+#ftp - chroot /ftp
- #@student - maxlogins 4
-
- # End of file