|
|
d6ff77 |
diff -up Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml.pam-limits-unlimited-value Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml
|
|
|
d6ff77 |
--- Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml.pam-limits-unlimited-value 2022-01-28 09:45:41.431606850 +0100
|
|
|
d6ff77 |
+++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml 2022-01-28 09:47:31.732430391 +0100
|
|
|
d6ff77 |
@@ -275,6 +275,8 @@
|
|
|
d6ff77 |
All items support the values <emphasis>-1</emphasis>,
|
|
|
d6ff77 |
<emphasis>unlimited</emphasis> or <emphasis>infinity</emphasis> indicating no limit,
|
|
|
d6ff77 |
except for <emphasis remap='B'>priority</emphasis> and <emphasis remap='B'>nice</emphasis>.
|
|
|
d6ff77 |
+ If <emphasis remap='B'>nofile</emphasis> is to be set to one of these values,
|
|
|
d6ff77 |
+ it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)).
|
|
|
d6ff77 |
</para>
|
|
|
d6ff77 |
<para>
|
|
|
d6ff77 |
If a hard limit or soft limit of a resource is set to a valid value,
|
|
|
d6ff77 |
diff -up Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.pam-limits-unlimited-value Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c
|
|
|
d6ff77 |
--- Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.pam-limits-unlimited-value 2022-01-28 09:45:41.415606731 +0100
|
|
|
d6ff77 |
+++ Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c 2022-01-28 09:45:41.431606850 +0100
|
|
|
d6ff77 |
@@ -487,6 +487,41 @@ static int init_limits(pam_handle_t *pam
|
|
|
d6ff77 |
return retval;
|
|
|
d6ff77 |
}
|
|
|
d6ff77 |
|
|
|
d6ff77 |
+/*
|
|
|
d6ff77 |
+ * Read the contents of <pathname> and return it in *valuep
|
|
|
d6ff77 |
+ * return 1 if conversion succeeds, result is in *valuep
|
|
|
d6ff77 |
+ * return 0 if conversion fails, *valuep is untouched.
|
|
|
d6ff77 |
+ */
|
|
|
d6ff77 |
+static int
|
|
|
d6ff77 |
+value_from_file(const char *pathname, rlim_t *valuep)
|
|
|
d6ff77 |
+{
|
|
|
d6ff77 |
+ char buf[128];
|
|
|
d6ff77 |
+ FILE *fp;
|
|
|
d6ff77 |
+ int retval;
|
|
|
d6ff77 |
+
|
|
|
d6ff77 |
+ retval = 0;
|
|
|
d6ff77 |
+
|
|
|
d6ff77 |
+ if ((fp = fopen(pathname, "r")) != NULL) {
|
|
|
d6ff77 |
+ if (fgets(buf, sizeof(buf), fp) != NULL) {
|
|
|
d6ff77 |
+ char *endptr;
|
|
|
d6ff77 |
+ unsigned long long value;
|
|
|
d6ff77 |
+
|
|
|
d6ff77 |
+ errno = 0;
|
|
|
d6ff77 |
+ value = strtoull(buf, &endptr, 10);
|
|
|
d6ff77 |
+ if (endptr != buf &&
|
|
|
d6ff77 |
+ (value != ULLONG_MAX || errno == 0) &&
|
|
|
d6ff77 |
+ (unsigned long long) (rlim_t) value == value) {
|
|
|
d6ff77 |
+ *valuep = (rlim_t) value;
|
|
|
d6ff77 |
+ retval = 1;
|
|
|
d6ff77 |
+ }
|
|
|
d6ff77 |
+ }
|
|
|
d6ff77 |
+
|
|
|
d6ff77 |
+ fclose(fp);
|
|
|
d6ff77 |
+ }
|
|
|
d6ff77 |
+
|
|
|
d6ff77 |
+ return retval;
|
|
|
d6ff77 |
+}
|
|
|
d6ff77 |
+
|
|
|
d6ff77 |
static void
|
|
|
d6ff77 |
process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
|
|
|
d6ff77 |
const char *lim_item, const char *lim_value,
|
|
|
d6ff77 |
@@ -652,6 +687,20 @@ process_limit (const pam_handle_t *pamh,
|
|
|
d6ff77 |
rlimit_value = 20 - int_value;
|
|
|
d6ff77 |
break;
|
|
|
d6ff77 |
#endif
|
|
|
d6ff77 |
+ case RLIMIT_NOFILE:
|
|
|
d6ff77 |
+ /*
|
|
|
d6ff77 |
+ * If nofile is to be set to "unlimited", try to set it to
|
|
|
d6ff77 |
+ * the value in /proc/sys/fs/nr_open instead.
|
|
|
d6ff77 |
+ */
|
|
|
d6ff77 |
+ if (rlimit_value == RLIM_INFINITY) {
|
|
|
d6ff77 |
+ if (!value_from_file("/proc/sys/fs/nr_open", &rlimit_value))
|
|
|
d6ff77 |
+ pam_syslog(pamh, LOG_WARNING,
|
|
|
d6ff77 |
+ "Cannot set \"nofile\" to a sensible value");
|
|
|
d6ff77 |
+ else if (ctrl & PAM_DEBUG_ARG)
|
|
|
d6ff77 |
+ pam_syslog(pamh, LOG_DEBUG, "Setting \"nofile\" limit to %llu",
|
|
|
d6ff77 |
+ (unsigned long long) rlimit_value);
|
|
|
d6ff77 |
+ }
|
|
|
d6ff77 |
+ break;
|
|
|
d6ff77 |
}
|
|
|
d6ff77 |
|
|
|
d6ff77 |
if ( (limit_item != LIMIT_LOGIN)
|