Diffstat (limited to 'debian/patches-applied/027_pam_limits_better_init_allow_explicit_root')
-rw-r--r--debian/patches-applied/027_pam_limits_better_init_allow_explicit_root120
1 files changed, 109 insertions, 11 deletions
diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
index f89bd256..b061152f 100644
--- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
+++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
@@ -20,10 +20,14 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
for(i = 0; i < RLIM_NLIMITS; i++) {
int r = getrlimit(i, &pl->limits[i].limit);
if (r == -1) {
-@@ -242,6 +244,41 @@
+@@ -240,8 +242,53 @@
+ }
+ } else {
pl->limits[i].supported = 1;
- pl->limits[i].src_soft = LIMITS_DEF_NONE;
- pl->limits[i].src_hard = LIMITS_DEF_NONE;
+- pl->limits[i].src_soft = LIMITS_DEF_NONE;
+- pl->limits[i].src_hard = LIMITS_DEF_NONE;
++ pl->limits[i].src_soft = LIMITS_DEF_ALL;
++ pl->limits[i].src_hard = LIMITS_DEF_ALL;
+ switch(i) {
+ case RLIMIT_CPU:
+ case RLIMIT_FSIZE:
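Review bot: Tagging the built-in defaults with `LIMITS_DEF_ALL` on `src_soft`/`src_hard` should be checked against how `process_limit` ranks sources, which is not visible in this hunk. If a value already tagged `LIMITS_DEF_ALL` cannot be overridden by a lower-ranked source such as `LIMITS_DEF_DEFAULT` (which appears to be what the wildcard branch further down passes), then `*` lines in limits.conf would silently stop applying to every resource that gets a built-in default here. Sessions would then run with the hard-coded values rather than the administrator's. A comment above the assignment should state the intended precedence, e.g. `/* built-in defaults; must rank below every limits.conf source */`, and a dedicated lowest-priority source value may be safer than reusing `LIMITS_DEF_ALL`. The enclosing loop and the switch continue outside the hunk.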
@@ -37,15 +41,21 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
+#ifdef RLIMIT_LOCKS
+ case RLIMIT_LOCKS:
+#endif
++ pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
++ pl->limits[i].limit.rlim_max = RLIM_INFINITY;
++ break;
+#ifdef RLIMIT_SIGPENDING
+ case RLIMIT_SIGPENDING:
++ pl->limits[i].limit.rlim_cur = 16382;
++ pl->limits[i].limit.rlim_max = 16382;
++ break;
+#endif
+#ifdef RLIMIT_MSGQUEUE
+ case RLIMIT_MSGQUEUE:
-+#endif
-+ pl->limits[i].limit.rlim_cur = RLIM_INFINITY;
-+ pl->limits[i].limit.rlim_max = RLIM_INFINITY;
++ pl->limits[i].limit.rlim_cur = 819200;
++ pl->limits[i].limit.rlim_max = 819200;
+ break;
++#endif
+ case RLIMIT_CORE:
+ pl->limits[i].limit.rlim_cur = 0;
+ pl->limits[i].limit.rlim_max = RLIM_INFINITY;
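Review bot: The literals `16382` for RLIMIT_SIGPENDING and `819200` for RLIMIT_MSGQUEUE have no comment saying where they come from, and each is written to both `rlim_cur` and `rlim_max`. They look like kernel defaults captured at one point in time; on Linux the pending-signal default is derived at boot from system size, so a fixed number can be looser or tighter than what the running kernel would give. Because the hard limit is set as well, a session started from a parent with a stricter inherited limit may end up with the wider built-in value unless limits.conf overrides it. I would add a comment such as `/* kernel default at time of writing; override in limits.conf */` above each pair, or give the values named `#define`s.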
@@ -58,11 +68,15 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
+ pl->limits[i].limit.rlim_cur = 1024;
+ pl->limits[i].limit.rlim_max = 1024;
+ break;
++ default:
++ pl->limits[i].src_soft = LIMITS_DEF_NONE;
++ pl->limits[i].src_hard = LIMITS_DEF_NONE;
++ break;
+ }
}
}
-@@ -524,7 +561,7 @@
+@@ -524,7 +571,7 @@
if (strcmp(uname, domain) == 0) /* this user have a limit */
process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
@@ -71,7 +85,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -533,7 +570,7 @@
+@@ -533,7 +580,7 @@
if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1))
process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl,
pl);
@@ -80,7 +94,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -547,7 +584,7 @@
+@@ -547,7 +594,7 @@
process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl,
pl);
}
@@ -89,7 +103,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl,
pl);
} else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */
-@@ -582,6 +619,12 @@
+@@ -582,6 +629,12 @@
int status;
int retval = LIMITED_OK;
@@ -102,7 +116,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) {
if (!pl->limits[i].supported) {
/* skip it if its not known to the system */
-@@ -675,6 +718,8 @@
+@@ -675,6 +728,8 @@
return PAM_ABORT;
}
@@ -111,3 +125,87 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
retval = parse_config_file(pamh, pwd->pw_name, ctrl, pl);
if (retval == PAM_IGNORE) {
D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE));
+Index: pam.deb/modules/pam_limits/limits.conf
+===================================================================
+--- pam.deb.orig/modules/pam_limits/limits.conf
++++ pam.deb/modules/pam_limits/limits.conf
+@@ -11,6 +11,9 @@
+ # - the wildcard *, for default entry
+ # - the wildcard %, can be also used with %group syntax,
+ # for maxlogin limit
++# - NOTE: group and wildcard limits are not applied to root.
++# To apply a limit to the root user, <domain> must be
++# the literal username root.
+ #
+ #<type> can have the two values:
+ # - "soft" for enforcing the soft limits
+@@ -41,6 +44,7 @@
+ #
+
+ #* soft core 0
++#root hard core 100000
+ #* hard rss 10000
+ #@student hard nproc 20
+ #@faculty soft nproc 20
+Index: pam.deb/modules/pam_limits/limits.conf.5.xml
+===================================================================
+--- pam.deb.orig/modules/pam_limits/limits.conf.5.xml
++++ pam.deb/modules/pam_limits/limits.conf.5.xml
+@@ -57,6 +57,11 @@
+ </para>
+ </listitem>
+ </itemizedlist>
++ <para>
++ <emphasis remap='B'>NOTE:</emphasis> group and wildcard limits are not
++ applied to the root user. To set a limit for the root user, this field
++ must contain the literal username <emphasis remap='B'>root</emphasis>.
++ </para>
+ </listitem>
+ </varlistentry>
+
+@@ -266,6 +271,7 @@
+ </para>
+ <programlisting>
+ * soft core 0
++root hard core 100000
+ * hard rss 10000
+ @student hard nproc 20
+ @faculty soft nproc 20
+Index: pam.deb/modules/pam_limits/limits.conf.5
+===================================================================
+--- pam.deb.orig/modules/pam_limits/limits.conf.5
++++ pam.deb/modules/pam_limits/limits.conf.5
+@@ -1,11 +1,11 @@
+ .\" Title: limits.conf
+ .\" Author:
+ .\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
+-.\" Date: 07/27/2008
++.\" Date: 11/09/2008
+ .\" Manual: Linux-PAM Manual
+ .\" Source: Linux-PAM Manual
+ .\"
+-.TH "LIMITS\&.CONF" "5" "07/27/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
++.TH "LIMITS\&.CONF" "5" "11/09/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
+ .\" disable hyphenation
+ .nh
+ .\" disable justification (adjust text to left margin only)
+@@ -48,6 +48,11 @@
+ \fI%group\fR
+ syntax\&.
+ .RE
++.IP "" 4
++
++\fBNOTE:\fR
++group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username
++\fBroot\fR\&.
+ .RE
+ .PP
+ \fB<type>\fR
+@@ -204,6 +209,7 @@
+ .RS 4
+ .nf
+ * soft core 0
++root hard core 100000
+ * hard rss 10000
+ @student hard nproc 20
+ @faculty soft nproc 20