Blame SOURCES/pam-1.3.1-pam-limits-unlimited-value.patch

d6ff77
diff -up Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml.pam-limits-unlimited-value Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml
d6ff77
--- Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml.pam-limits-unlimited-value	2022-01-28 09:45:41.431606850 +0100
d6ff77
+++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf.5.xml	2022-01-28 09:47:31.732430391 +0100
d6ff77
@@ -275,6 +275,8 @@
d6ff77
       All items support the values <emphasis>-1</emphasis>,
d6ff77
       <emphasis>unlimited</emphasis> or <emphasis>infinity</emphasis> indicating no limit,
d6ff77
       except for <emphasis remap='B'>priority</emphasis> and <emphasis remap='B'>nice</emphasis>.
d6ff77
+      If <emphasis remap='B'>nofile</emphasis> is to be set to one of these values,
d6ff77
+      it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)).
d6ff77
     </para>
d6ff77
     <para>
d6ff77
       If a hard limit or soft limit of a resource is set to a valid value,
d6ff77
diff -up Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.pam-limits-unlimited-value Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c
d6ff77
--- Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.pam-limits-unlimited-value	2022-01-28 09:45:41.415606731 +0100
d6ff77
+++ Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c	2022-01-28 09:45:41.431606850 +0100
d6ff77
@@ -487,6 +487,41 @@ static int init_limits(pam_handle_t *pam
d6ff77
     return retval;
d6ff77
 }
d6ff77
 
d6ff77
+/*
d6ff77
+ * Read the contents of <pathname> and return it in *valuep
d6ff77
+ * return 1 if conversion succeeds, result is in *valuep
d6ff77
+ * return 0 if conversion fails, *valuep is untouched.
d6ff77
+ */
d6ff77
+static int
d6ff77
+value_from_file(const char *pathname, rlim_t *valuep)
d6ff77
+{
d6ff77
+    char buf[128];
d6ff77
+    FILE *fp;
d6ff77
+    int retval;
d6ff77
+
d6ff77
+    retval = 0;
d6ff77
+
d6ff77
+    if ((fp = fopen(pathname, "r")) != NULL) {
d6ff77
+	if (fgets(buf, sizeof(buf), fp) != NULL) {
d6ff77
+	    char *endptr;
d6ff77
+	    unsigned long long value;
d6ff77
+
d6ff77
+	    errno = 0;
d6ff77
+	    value = strtoull(buf, &endptr, 10);
d6ff77
+	    if (endptr != buf &&
d6ff77
+		(value != ULLONG_MAX || errno == 0) &&
d6ff77
+                (unsigned long long) (rlim_t) value == value) {
d6ff77
+		*valuep = (rlim_t) value;
d6ff77
+		retval = 1;
d6ff77
+	    }
d6ff77
+	}
d6ff77
+
d6ff77
+	fclose(fp);
d6ff77
+    }
d6ff77
+
d6ff77
+    return retval;
d6ff77
+}
d6ff77
+
d6ff77
 static void
d6ff77
 process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
d6ff77
 	       const char *lim_item, const char *lim_value,
d6ff77
@@ -652,6 +687,20 @@ process_limit (const pam_handle_t *pamh,
d6ff77
 	 rlimit_value = 20 - int_value;
d6ff77
          break;
d6ff77
 #endif
d6ff77
+	case RLIMIT_NOFILE:
d6ff77
+	/*
d6ff77
+	 * If nofile is to be set to "unlimited", try to set it to
d6ff77
+	 * the value in /proc/sys/fs/nr_open instead.
d6ff77
+	 */
d6ff77
+	if (rlimit_value == RLIM_INFINITY) {
d6ff77
+	    if (!value_from_file("/proc/sys/fs/nr_open", &rlimit_value))
d6ff77
+		pam_syslog(pamh, LOG_WARNING,
d6ff77
+			   "Cannot set \"nofile\" to a sensible value");
d6ff77
+	    else if (ctrl & PAM_DEBUG_ARG)
d6ff77
+		pam_syslog(pamh, LOG_DEBUG, "Setting \"nofile\" limit to %llu",
d6ff77
+			   (unsigned long long) rlimit_value);
d6ff77
+	}
d6ff77
+	break;
d6ff77
     }
d6ff77
 
d6ff77
     if ( (limit_item != LIMIT_LOGIN)