diff options
Diffstat (limited to 'debian/patches-applied/008_modules_pam_limits_chroot')
-rw-r--r-- | debian/patches-applied/008_modules_pam_limits_chroot | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot index acbdc1a9..7a86fdd5 100644 --- a/debian/patches-applied/008_modules_pam_limits_chroot +++ b/debian/patches-applied/008_modules_pam_limits_chroot @@ -2,19 +2,19 @@ Index: pam/modules/pam_limits/pam_limits.c =================================================================== --- pam.orig/modules/pam_limits/pam_limits.c +++ pam/modules/pam_limits/pam_limits.c -@@ -88,6 +88,7 @@ - int flag_numsyslogins; /* whether to limit logins only for a +@@ -90,6 +90,7 @@ specific user or to count all logins */ int priority; /* the priority to run user process with */ + int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */ + char chroot_dir[8092]; /* directory to chroot into */ struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; -@@ -98,6 +99,7 @@ - #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 +@@ -101,6 +102,7 @@ #define LIMIT_PRI RLIM_NLIMITS+3 -+#define LIMIT_CHROOT RLIM_NLIMITS+4 + #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4 ++#define LIMIT_CHROOT RLIM_NLIMITS+5 #define LIMIT_SOFT 1 #define LIMIT_HARD 2 @@ -27,16 +27,16 @@ Index: pam/modules/pam_limits/pam_limits.c return retval; } -@@ -554,6 +558,8 @@ - pl->flag_numsyslogins = 1; - } else if (strcmp(lim_item, "priority") == 0) { +@@ -591,6 +595,8 @@ limit_item = LIMIT_PRI; + } else if (strcmp(lim_item, "nonewprivs") == 0) { + limit_item = LIMIT_NONEWPRIVS; + } else if (strcmp(lim_item, "chroot") == 0) { -+ limit_item = LIMIT_CHROOT; ++ limit_item = LIMIT_CHROOT; } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; -@@ -591,9 +597,9 @@ +@@ -640,9 +646,9 @@ pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); @@ -48,8 +48,8 @@ Index: pam/modules/pam_limits/pam_limits.c #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else -@@ -654,7 +660,11 @@ - #endif +@@ -717,7 +723,11 @@ + break; } - if ( (limit_item != LIMIT_LOGIN) @@ -59,10 +59,10 @@ Index: pam/modules/pam_limits/pam_limits.c + } + else if ( (limit_item != LIMIT_LOGIN) && (limit_item != LIMIT_NUMSYSLOGINS) - && (limit_item != LIMIT_PRI) ) { - if (limit_type & LIMIT_SOFT) { -@@ -998,6 +1008,15 @@ - retval |= LOGIN_ERR; + && (limit_item != LIMIT_PRI) + && (limit_item != LIMIT_NONEWPRIVS) ) { +@@ -1071,6 +1081,15 @@ + } } + if (!retval && pl->chroot_dir[0]) { @@ -81,7 +81,7 @@ Index: pam/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5.xml +++ pam/modules/pam_limits/limits.conf.5.xml -@@ -266,6 +266,12 @@ +@@ -273,6 +273,12 @@ (Linux 2.6.12 and higher)</para> </listitem> </varlistentry> @@ -98,7 +98,7 @@ Index: pam/modules/pam_limits/limits.conf.5 =================================================================== --- pam.orig/modules/pam_limits/limits.conf.5 +++ pam/modules/pam_limits/limits.conf.5 -@@ -271,6 +271,11 @@ +@@ -279,6 +279,11 @@ .RS 4 maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) .RE @@ -114,7 +114,7 @@ Index: pam/modules/pam_limits/limits.conf =================================================================== --- pam.orig/modules/pam_limits/limits.conf +++ pam/modules/pam_limits/limits.conf -@@ -35,6 +35,7 @@ +@@ -46,6 +46,7 @@ # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority @@ -122,7 +122,7 @@ Index: pam/modules/pam_limits/limits.conf # #<domain> <type> <item> <value> # -@@ -45,6 +46,7 @@ +@@ -56,6 +57,7 @@ #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 |