Diffstat (limited to 'debian/patches-applied/027_pam_limits_better_init_allow_explicit_root')
-rw-r--r-- | debian/patches-applied/027_pam_limits_better_init_allow_explicit_root | 120 |
1 files changed, 109 insertions, 11 deletions
diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
index f89bd256..b061152f 100644
--- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
+++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
@@ -20,10 +20,14 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
 for(i = 0; i < RLIM_NLIMITS; i++) {
 int r = getrlimit(i, &pl->limits[i].limit);
 if (r == -1) {
-@@ -242,6 +244,41 @@
+@@ -240,8 +242,53 @@
+ }
+ } else {
 pl->limits[i].supported = 1;
- pl->limits[i].src_soft = LIMITS_DEF_NONE;
- pl->limits[i].src_hard = LIMITS_DEF_NONE;
+- pl->limits[i].src_soft = LIMITS_DEF_NONE;
+- pl->limits[i].src_hard = LIMITS_DEF_NONE;
++ pl->limits[i].src_soft = LIMITS_DEF_ALL;
++ pl->limits[i].src_hard = LIMITS_DEF_ALL;
 + switch(i) {
 + case RLIMIT_CPU:
 + case RLIMIT_FSIZE:
@@ -37,15 +41,21 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
 +#ifdef RLIMIT_LOCKS
 + case RLIMIT_LOCKS:
 +#endif
++ pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
++ pl->limits[i].limit.rlim_max = RLIM_INFINITY;
++ break;
 +#ifdef RLIMIT_SIGPENDING
 + case RLIMIT_SIGPENDING:
++ pl->limits[i].limit.rlim_cur = 16382;
++ pl->limits[i].limit.rlim_max = 16382;
++ break;
 +#endif
 +#ifdef RLIMIT_MSGQUEUE
 + case RLIMIT_MSGQUEUE:
-+#endif
-+ pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
-+ pl->limits[i].limit.rlim_max = RLIM_INFINITY;
++ pl->limits[i].limit.rlim_cur = 819200;
++ pl->limits[i].limit.rlim_max = 819200;
 + break;
++#endif
 + case RLIMIT_CORE:
 + pl->limits[i].limit.rlim_cur = 0;
 + pl->limits[i].limit.rlim_max = RLIM_INFINITY;
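Review bot: The `else` branch now records `LIMITS_DEF_ALL` as the source of every built-in default (`src_soft` and `src_hard`), and nothing visible here shows how `process_limit` ranks that source against `LIMITS_DEF_DEFAULT` or the group sources. If a recorded source blocks entries of lower rank, a `*` line in limits.conf could be skipped for these limits, so the ordering of the `LIMITS_DEF_*` constants should be checked before merging; both the constants and the enclosing function lie outside the hunk. A comment at the assignment, such as `/* not LIMITS_DEF_NONE, so the defaults below are treated as set; TODO confirm limits.conf entries still take precedence */`, would record the intent. The `default:` arm added in the later `@@ -58,11 +68,15 @@` hunk resets the source to `LIMITS_DEF_NONE` and depends on the same reasoning.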
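Review bot: The literals `16382` for `RLIMIT_SIGPENDING` and `819200` for `RLIMIT_MSGQUEUE` are unexplained, and each is written twice, once for `rlim_cur` and once for `rlim_max`. If they are meant to mirror kernel defaults, they will not follow a system where those defaults differ, so a session could be given a limit higher or lower than the one the machine started with. I would name each value once and state its origin, for example `#define PAM_LIMITS_DEF_SIGPENDING 16382 /* origin of value: <reference> */` (a proposed name, not one from the file), and use that name on both assignments. The enclosing `switch` starts and ends outside this hunk.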
@@ -58,11 +68,15 @@ Index: pam.deb/modules/pam_limits/pam_limits.c + pl->limits[i].limit.rlim_cur = 1024; + pl->limits[i].limit.rlim_max = 1024; + break; ++ default: ++ pl->limits[i].src_soft = LIMITS_DEF_NONE; ++ pl->limits[i].src_hard = LIMITS_DEF_NONE; ++ break; + } } } -@@ -524,7 +561,7 @@ +@@ -524,7 +571,7 @@ if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); @@ -71,7 +85,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -533,7 +570,7 @@ +@@ -533,7 +580,7 @@ if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); @@ -80,7 +94,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", -@@ -547,7 +584,7 @@ +@@ -547,7 +594,7 @@ process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); } @@ -89,7 +103,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); } else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */ -@@ -582,6 +619,12 @@ +@@ -582,6 +629,12 @@ int status; int retval = LIMITED_OK; @@ -102,7 +116,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) { if (!pl->limits[i].supported) { /* skip it if its not known to the system */ -@@ -675,6 +718,8 @@ +@@ -675,6 +728,8 @@ return PAM_ABORT; } 
@@ -111,3 +125,87 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
 retval = parse_config_file(pamh, pwd->pw_name, ctrl, pl);
 if (retval == PAM_IGNORE) {
 D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE));
+Index: pam.deb/modules/pam_limits/limits.conf
+===================================================================
+--- pam.deb.orig/modules/pam_limits/limits.conf
++++ pam.deb/modules/pam_limits/limits.conf
+@@ -11,6 +11,9 @@
+ # - the wildcard *, for default entry
+ # - the wildcard %, can be also used with %group syntax,
+ # for maxlogin limit
++# - NOTE: group and wildcard limits are not applied to root.
++# To apply a limit to the root user, <domain> must be
++# the literal username root.
+ #
+ #<type> can have the two values:
+ # - "soft" for enforcing the soft limits
+@@ -41,6 +44,7 @@
+ #
+
+ #* soft core 0
++#root hard core 100000
+ #* hard rss 10000
+ #@student hard nproc 20
+ #@faculty soft nproc 20
+Index: pam.deb/modules/pam_limits/limits.conf.5.xml
+===================================================================
+--- pam.deb.orig/modules/pam_limits/limits.conf.5.xml
++++ pam.deb/modules/pam_limits/limits.conf.5.xml
+@@ -57,6 +57,11 @@
+ </para>
+ </listitem>
+ </itemizedlist>
++ <para>
++ <emphasis remap='B'>NOTE:</emphasis> group and wildcard limits are not
++ applied to the root user. To set a limit for the root user, this field
++ must contain the literal username <emphasis remap='B'>root</emphasis>.
++ </para>
+ </listitem>
+ </varlistentry>
+
+@@ -266,6 +271,7 @@
+ </para>
+ <programlisting>
+ * soft core 0
++root hard core 100000
+ * hard rss 10000
+ @student hard nproc 20
+ @faculty soft nproc 20
+Index: pam.deb/modules/pam_limits/limits.conf.5
+===================================================================
+--- pam.deb.orig/modules/pam_limits/limits.conf.5
++++ pam.deb/modules/pam_limits/limits.conf.5
+@@ -1,11 +1,11 @@
+ .\" Title: limits.conf
+ .\" Author:
+ .\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
+-.\" Date: 07/27/2008
++.\" Date: 11/09/2008
+ .\" Manual: Linux-PAM Manual
+ .\" Source: Linux-PAM Manual
+ .\"
+-.TH "LIMITS\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
++.TH "LIMITS\&.CONF" "5" "11/09/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" disable hyphenation
+ .nh
+ .\" disable justification (adjust text to left margin only)
+@@ -48,6 +48,11 @@
+ \fI%group\fR
+ syntax\&.
+ .RE
++.IP "" 4
++
++\fBNOTE:\fR
++group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username
++\fBroot\fR\&.
+ .RE
+ .PP
+ \fB<type>\fR
+@@ -204,6 +209,7 @@
+ .RS 4
+ .nf
+ * soft core 0
++root hard core 100000
+ * hard rss 10000
+ @student hard nproc 20
+ @faculty soft nproc 20 |