Diffstat (limited to 'debian/patches/008_modules_pam_limits_chroot')
-rw-r--r-- | debian/patches/008_modules_pam_limits_chroot | 138 |
1 files changed, 75 insertions, 63 deletions
diff --git a/debian/patches/008_modules_pam_limits_chroot b/debian/patches/008_modules_pam_limits_chroot
index 7a86fdd5..2b414302 100644
--- a/debian/patches/008_modules_pam_limits_chroot
+++ b/debian/patches/008_modules_pam_limits_chroot
@@ -1,8 +1,73 @@ -Index: pam/modules/pam_limits/pam_limits.c +From: Sam Hartman <hartmans@debian.org> +Date: Mon, 11 Sep 2023 14:00:42 -0600 +Subject: _modules_pam_limits_chroot + =================================================================== ---- pam.orig/modules/pam_limits/pam_limits.c -+++ pam/modules/pam_limits/pam_limits.c -@@ -90,6 +90,7 @@ +--- + modules/pam_limits/limits.conf | 2 ++ + modules/pam_limits/limits.conf.5 | 5 +++++ + modules/pam_limits/limits.conf.5.xml | 6 ++++++ + modules/pam_limits/pam_limits.c | 25 ++++++++++++++++++++++--- + 4 files changed, 35 insertions(+), 3 deletions(-) + +diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf +index e8a746c..9b1d624 100644 +--- a/modules/pam_limits/limits.conf ++++ b/modules/pam_limits/limits.conf +@@ -46,6 +46,7 @@ + # - msgqueue - max memory used by POSIX message queues (bytes) + # - nice - max nice priority allowed to raise to values: [-20, 19] + # - rtprio - max realtime priority ++# - chroot - change root to directory (Debian-specific) + # + #<domain> <type> <item> <value> + # +@@ -56,6 +57,7 @@ + #@faculty soft nproc 20 + #@faculty hard nproc 50 + #ftp hard nproc 0 ++#ftp - chroot /ftp + #@student - maxlogins 4 + + # End of file +diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5 +index 25f4459..f197ccd 100644 +--- a/modules/pam_limits/limits.conf.5 ++++ b/modules/pam_limits/limits.conf.5 +@@ -279,6 +279,11 @@ rtprio + .RS 4 + maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) + .RE ++.PP ++\fBchroot\fR ++.RS 4 ++the directory to chroot the user to ++.RE + .RE + .PP + All items support the values +diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml +index 2177da1..506afda 100644 +--- a/modules/pam_limits/limits.conf.5.xml ++++ b/modules/pam_limits/limits.conf.5.xml +@@ -266,6 +266,12 @@ + (Linux 2.6.12 and higher)</para> + </listitem> + </varlistentry> ++ 
<varlistentry> ++ <term><option>chroot</option></term> ++ <listitem> ++ <para>the directory to chroot the user to</para> ++ </listitem> ++ </varlistentry> + </variablelist> + </listitem> + </varlistentry> +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 87bb4b7..39d99f4 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -94,6 +94,7 @@ struct pam_limit_s { specific user or to count all logins */ int priority; /* the priority to run user process with */ int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */ @@ -10,7 +75,7 @@ Index: pam/modules/pam_limits/pam_limits.c struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; -@@ -101,6 +102,7 @@ +@@ -105,6 +106,7 @@ struct pam_limit_s { #define LIMIT_PRI RLIM_NLIMITS+3 #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4 @@ -18,7 +83,7 @@ Index: pam/modules/pam_limits/pam_limits.c #define LIMIT_SOFT 1 #define LIMIT_HARD 2 -@@ -484,6 +486,8 @@ +@@ -493,6 +495,8 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) pl->login_limit = -2; pl->login_limit_def = LIMITS_DEF_NONE; @@ -27,7 +92,7 @@ Index: pam/modules/pam_limits/pam_limits.c return retval; } -@@ -591,6 +595,8 @@ +@@ -600,6 +604,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, limit_item = LIMIT_PRI; } else if (strcmp(lim_item, "nonewprivs") == 0) { limit_item = LIMIT_NONEWPRIVS; @@ -36,7 +101,7 @@ Index: pam/modules/pam_limits/pam_limits.c } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; -@@ -640,9 +646,9 @@ +@@ -649,9 +655,9 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); 
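Review bot: The man-page entries for `chroot` in this hunk (limits.conf.5 and limits.conf.5.xml) say only "the directory to chroot the user to", while the limits.conf comment in the same hunk marks the item as Debian-specific. The man page should carry the same marker so administrators do not expect the item on other distributions. It would also help to say what the value must be, for example `the directory to chroot the user to (Debian-specific); give an absolute path to a directory the confined user cannot write to`. The second half of that wording is my assumption about the intended use and should be checked against the code the patch adds to setup_limits, which this refresh does not show.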
@@ -48,7 +113,7 @@ Index: pam/modules/pam_limits/pam_limits.c #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else -@@ -717,7 +723,11 @@ +@@ -726,7 +732,11 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type, break; } @@ -61,7 +126,7 @@ Index: pam/modules/pam_limits/pam_limits.c && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) && (limit_item != LIMIT_NONEWPRIVS) ) { -@@ -1071,6 +1081,15 @@ +@@ -1084,6 +1094,15 @@ static int setup_limits(pam_handle_t *pamh, } } 
@@ -77,56 +142,3 @@ Index: pam/modules/pam_limits/pam_limits.c return retval; } -Index: pam/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5.xml -+++ pam/modules/pam_limits/limits.conf.5.xml -@@ -273,6 +273,12 @@ - (Linux 2.6.12 and higher)</para> - </listitem> - </varlistentry> -+ <varlistentry> -+ <term><option>chroot</option></term> -+ <listitem> -+ <para>the directory to chroot the user to</para> -+ </listitem> -+ </varlistentry> - </variablelist> - </listitem> - </varlistentry> -Index: pam/modules/pam_limits/limits.conf.5 -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf.5 -+++ pam/modules/pam_limits/limits.conf.5 -@@ -279,6 +279,11 @@ - .RS 4 - maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) - .RE -+.PP -+\fBchroot\fR -+.RS 4 -+the directory to chroot the user to -+.RE - .RE - .PP - All items support the values -Index: pam/modules/pam_limits/limits.conf -=================================================================== ---- pam.orig/modules/pam_limits/limits.conf -+++ pam/modules/pam_limits/limits.conf -@@ -46,6 +46,7 @@ - # - msgqueue - max memory used by POSIX message queues (bytes) - # - nice - max nice priority allowed to raise to values: [-20, 19] - # - rtprio - max realtime priority -+# - chroot - change root to directory (Debian-specific) - # - #<domain> <type> <item> <value> - # -@@ -56,6 +57,7 @@ - #@faculty soft nproc 20 - #@faculty hard nproc 50 - #ftp hard nproc 0 -+#ftp - chroot /ftp - #@student - maxlogins 4 - - # End of file |