Diffstat (limited to 'debian/patches-applied/008_modules_pam_limits_chroot')
-rw-r--r--debian/patches-applied/008_modules_pam_limits_chroot321
1 files changed, 133 insertions, 188 deletions
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot
index b00ba90f..5155920f 100644
--- a/debian/patches-applied/008_modules_pam_limits_chroot
+++ b/debian/patches-applied/008_modules_pam_limits_chroot
@@ -1,16 +1,16 @@
-Index: Linux-PAM/modules/pam_limits/pam_limits.c
+Index: pam.deb/modules/pam_limits/pam_limits.c
===================================================================
---- Linux-PAM/modules/pam_limits/pam_limits.c.orig
-+++ Linux-PAM/modules/pam_limits/pam_limits.c
-@@ -74,6 +74,7 @@
+--- pam.deb.orig/modules/pam_limits/pam_limits.c
++++ pam.deb/modules/pam_limits/pam_limits.c
+@@ -75,6 +75,7 @@
int flag_numsyslogins; /* whether to limit logins only for a
specific user or to count all logins */
int priority; /* the priority to run user process with */
+ char chroot_dir[8092]; /* directory to chroot into */
struct user_limits_struct limits[RLIM_NLIMITS];
- char conf_file[BUFSIZ];
+ const char *conf_file;
int utmp_after_pam_call;
-@@ -84,6 +85,7 @@
+@@ -85,6 +86,7 @@
#define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2
#define LIMIT_PRI RLIM_NLIMITS+3
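Review bot: The `chroot_dir[8092]` field carried over by this refreshed patch has an unexplained size: 8092 looks like a typo for 8192 and does not match `PATH_MAX` either. It also stays a fixed array while the neighbouring `conf_file` has just become a `const char *`. The code that fills this field from `limits.conf` is outside the visible hunks, so it is worth confirming that the copy is bounded by the field's size, always NUL-terminated, and rejects an over-long value instead of truncating it, because a truncated path would confine the session to a different directory than the administrator configured. I would declare it as `char chroot_dir[PATH_MAX]; /* directory to chroot into */`, or add a comment saying why 8092 was chosen. The struct definition begins and ends outside this hunk.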
@@ -18,7 +18,7 @@ Index: Linux-PAM/modules/pam_limits/pam_limits.c
#define LIMIT_SOFT 1
#define LIMIT_HARD 2
-@@ -238,6 +240,8 @@
+@@ -243,6 +245,8 @@
pl->login_limit = -2;
pl->login_limit_def = LIMITS_DEF_NONE;
@@ -27,7 +27,7 @@ Index: Linux-PAM/modules/pam_limits/pam_limits.c
return retval;
}
-@@ -306,6 +310,8 @@
+@@ -311,6 +315,8 @@
pl->flag_numsyslogins = 1;
} else if (strcmp(lim_item, "priority") == 0) {
limit_item = LIMIT_PRI;
@@ -36,7 +36,7 @@ Index: Linux-PAM/modules/pam_limits/pam_limits.c
} else {
pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
return;
-@@ -343,9 +349,9 @@
+@@ -348,9 +354,9 @@
pam_syslog(pamh, LOG_DEBUG,
"wrong limit value '%s' for limit type '%s'",
lim_value, lim_type);
@@ -48,7 +48,7 @@ Index: Linux-PAM/modules/pam_limits/pam_limits.c
#ifdef __USE_FILE_OFFSET64
rlimit_value = strtoull (lim_value, &endptr, 10);
#else
-@@ -392,7 +398,9 @@
+@@ -409,7 +415,9 @@
break;
}
@@ -59,7 +59,7 @@ Index: Linux-PAM/modules/pam_limits/pam_limits.c
&& (limit_item != LIMIT_NUMSYSLOGINS)
&& (limit_item != LIMIT_PRI) ) {
if (limit_type & LIMIT_SOFT) {
-@@ -590,6 +598,13 @@
+@@ -605,6 +613,13 @@
retval |= LOGIN_ERR;
}
@@ -73,10 +73,10 @@ Index: Linux-PAM/modules/pam_limits/pam_limits.c
return retval;
}
-Index: Linux-PAM/modules/pam_limits/limits.conf.5.xml
+Index: pam.deb/modules/pam_limits/limits.conf.5.xml
===================================================================
---- Linux-PAM/modules/pam_limits/limits.conf.5.xml.orig
-+++ Linux-PAM/modules/pam_limits/limits.conf.5.xml
+--- pam.deb.orig/modules/pam_limits/limits.conf.5.xml
++++ pam.deb/modules/pam_limits/limits.conf.5.xml
@@ -223,6 +223,12 @@
(Linux 2.6.12 and higher)</para>
</listitem>
@@ -90,244 +90,189 @@ Index: Linux-PAM/modules/pam_limits/limits.conf.5.xml
</variablelist>
</listitem>
</varlistentry>
-Index: Linux-PAM/modules/pam_limits/limits.conf.5
+Index: pam.deb/modules/pam_limits/limits.conf.5
===================================================================
---- Linux-PAM/modules/pam_limits/limits.conf.5.orig
-+++ Linux-PAM/modules/pam_limits/limits.conf.5
+--- pam.deb.orig/modules/pam_limits/limits.conf.5
++++ pam.deb/modules/pam_limits/limits.conf.5
@@ -1,11 +1,11 @@
.\" Title: limits.conf
.\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
--.\" Date: 06/22/2006
+-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+-.\" Date: 04/30/2007
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
-+.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/>
-+.\" Date: 08/19/2007
++.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
++.\" Date: 07/22/2008
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
.\"
--.TH "LIMITS.CONF" "5" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-+.TH "LIMITS.CONF" "5" "08/19/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
+-.TH "LIMITS.CONF" "5" "04/30/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
++.TH "LIMITS\&.CONF" "5" "07/22/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
-@@ -23,38 +23,45 @@
- \fI<value>\fR
+@@ -26,48 +26,49 @@
.PP
- The fields listed above should be filled as follows:
--.TP 3n
-+.PP
\fB<domain>\fR
--.RS 3n
--.TP 3n
--\(bu
--a username
--.TP 3n
--\(bu
--a groupname, with
-+.RS 4
+ .RS 4
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'a username
+.RE
+.sp
-+.RS 4
+ .RS 4
+-.TP 4
+-\(bu
+-a username
+-.TP 4
+-\(bu
+-a groupname, with
+\h'-04'\(bu\h'+03'a groupname, with
\fB@group\fR
- syntax. This should not be confused with netgroups.
--.TP 3n
+-syntax. This should not be confused with netgroups.
+-.TP 4
-\(bu
-the wildcard
+-\fB*\fR, for default entry.
+-.TP 4
+-\(bu
+-the wildcard
++syntax\&. This should not be confused with netgroups\&.
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'the wildcard
- \fB*\fR, for default entry.
--.TP 3n
--\(bu
--the wildcard
++\fB*\fR, for default entry\&.
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'the wildcard
\fB%\fR, for maxlogins limit only, can also be used with
\fI%group\fR
- syntax.
+-syntax.
++syntax\&.
.RE
--.TP 3n
-+.RE
-+.PP
+ .RE
+ .PP
\fB<type>\fR
--.RS 3n
--.TP 3n
-+.RS 4
-+.PP
+ .RS 4
+-.RS 4
+ .PP
\fBhard\fR
-+.RS 4
+ .RS 4
for enforcing
\fBhard\fR
- resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values.
--.TP 3n
-+.RE
-+.PP
+-resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values.
++resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&.
+ .RE
+ .PP
\fBsoft\fR
-+.RS 4
+ .RS 4
for enforcing
\fBsoft\fR
- resource limits. These limits are ones that the user can move up or down within the permitted range by any pre\-exisiting
-@@ -62,8 +69,10 @@
- limits. The values specified with this token can be thought of as
+-resource limits. These limits are ones that the user can move up or down within the permitted range by any pre\-exisiting
++resource limits\&. These limits are ones that the user can move up or down within the permitted range by any pre\-exisiting
+ \fBhard\fR
+-limits. The values specified with this token can be thought of as
++limits\&. The values specified with this token can be thought of as
\fIdefault\fR
- values, for normal system usage.
--.TP 3n
-+.RE
-+.PP
+-values, for normal system usage.
++values, for normal system usage\&.
+ .RE
+ .PP
\fB\-\fR
-+.RS 4
- for enforcing both
+@@ -76,16 +77,14 @@
\fBsoft\fR
and
-@@ -72,65 +81,107 @@
+ \fBhard\fR
+-resource limits together.
++resource limits together\&.
.sp
- Note, if you specify a type of '\-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. .
+-Note, if you specify a type of '\-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. .
+-.RE
++Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\&. \&.
.RE
--.TP 3n
-+.RE
-+.PP
+ .RE
+ .PP
\fB<item>\fR
--.RS 3n
--.TP 3n
-+.RS 4
-+.PP
+ .RS 4
+-.RS 4
+ .PP
\fBcore\fR
-+.RS 4
- limits the core file size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBdata\fR
-+.RS 4
- maximum data size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBfsize\fR
-+.RS 4
- maximum filesize (KB)
--.TP 3n
-+.RE
-+.PP
- \fBmemlock\fR
-+.RS 4
- maximum locked\-in\-memory address space (KB)
--.TP 3n
-+.RE
-+.PP
- \fBnofile\fR
-+.RS 4
- maximum number of open files
--.TP 3n
-+.RE
-+.PP
- \fBrss\fR
-+.RS 4
- maximum resident set size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBstack\fR
-+.RS 4
- maximum stack size (KB)
--.TP 3n
-+.RE
-+.PP
- \fBcpu\fR
-+.RS 4
- maximum CPU time (minutes)
--.TP 3n
-+.RE
-+.PP
- \fBnproc\fR
-+.RS 4
- maximum number of processes
--.TP 3n
-+.RE
-+.PP
- \fBas\fR
-+.RS 4
- address space limit
--.TP 3n
-+.RE
-+.PP
- \fBmaxlogins\fR
-+.RS 4
- maximum number of logins for this user
--.TP 3n
-+.RE
-+.PP
- \fBmaxsyslogins\fR
-+.RS 4
- maximum number of logins on system
--.TP 3n
-+.RE
-+.PP
- \fBpriority\fR
-+.RS 4
- the priority to run user process with (negative values boost process priority)
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+@@ -154,48 +153,52 @@
+ .PP
\fBlocks\fR
-+.RS 4
- maximum locked files (Linux 2.4 and higher)
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-maximum locked files (Linux 2.4 and higher)
++maximum locked files (Linux 2\&.4 and higher)
+ .RE
+ .PP
\fBsigpending\fR
-+.RS 4
- maximum number of pending signals (Linux 2.6 and higher)
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-maximum number of pending signals (Linux 2.6 and higher)
++maximum number of pending signals (Linux 2\&.6 and higher)
+ .RE
+ .PP
\fBmsqqueue\fR
-+.RS 4
- maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher)
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher)
++maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher)
+ .RE
+ .PP
\fBnice\fR
-+.RS 4
- maximum nice priority allowed to raise to (Linux 2.6.12 and higher)
--.TP 3n
-+.RE
-+.PP
- \fBrtprio\fR
-+.RS 4
- maximum realtime priority allowed for non\-privileged processes (Linux 2.6.12 and higher)
+ .RS 4
+-maximum nice priority allowed to raise to (Linux 2.6.12 and higher)
++maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher)
.RE
.PP
+ \fBrtprio\fR
+ .RS 4
+-maximum realtime priority allowed for non\-privileged processes (Linux 2.6.12 and higher)
++maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
+ .RE
++.PP
+\fBchroot\fR
+.RS 4
+the directory to chroot the user to
-+.RE
-+.RE
-+.PP
+ .RE
+ .RE
+ .PP
In general, individual limits have priority over group limits, so if you impose no limits for
\fIadmin\fR
- group, but one of the members in this group have a limits line, the user will have its limits set according to this line.
-@@ -149,7 +200,7 @@
+-group, but one of the members in this group have a limits line, the user will have its limits set according to this line.
++group, but one of the members in this group have a limits line, the user will have its limits set according to this line\&.
+ .PP
+ Also, please note that all limit settings are set
+-\fIper login\fR. They are not global, nor are they permanent; existing only for the duration of the session.
++\fIper login\fR\&. They are not global, nor are they permanent; existing only for the duration of the session\&.
+ .PP
+ In the
+ \fIlimits\fR
+-configuration file, the '\fB#\fR' character introduces a comment \- after which the rest of the line is ignored.
++configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\&.
+ .PP
+ The pam_limits module does its best to report configuration problems found in its configuration file via
+-\fBsyslog\fR(3).
++\fBsyslog\fR(3)\&.
+ .SH "EXAMPLES"
+ .PP
These are some example lines which might be specified in
- \fI/etc/security/limits.conf\fR.
+-\fI/etc/security/limits.conf\fR.
++\fI/etc/security/limits\&.conf\fR\&.
.sp
--.RS 3n
-+.RS 4
+ .RS 4
.nf
- * soft core 0
- * hard rss 10000
-Index: Linux-PAM/modules/pam_limits/limits.conf
+@@ -217,4 +220,4 @@
+ \fBpam\fR(8)
+ .SH "AUTHOR"
+ .PP
+-pam_limits was initially written by Cristian Gafton <gafton@redhat.com>
++pam_limits was initially written by Cristian Gafton <gafton@redhat\&.com>
+Index: pam.deb/modules/pam_limits/limits.conf
===================================================================
---- Linux-PAM/modules/pam_limits/limits.conf.orig
-+++ Linux-PAM/modules/pam_limits/limits.conf
+--- pam.deb.orig/modules/pam_limits/limits.conf
++++ pam.deb/modules/pam_limits/limits.conf
@@ -35,6 +35,7 @@
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to