fapolicyd/fapolicyd-rlimit-change.patch

From 00ebdf8b45f83019dd0c00d741ce99cdb4b177ba Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Wed, 21 Jun 2023 10:49:27 -0400
Subject: [PATCH] Change how rlimit is set

Last release changed to using the systemd LimitNOFILE=16384. This also
has the effect of changing the hard rlimit to the same number. If we
instead call getrlimit and set the soft limit to the hard limit, we
can have more descriptors available.

Also correct the error detection of failed nice syscalls.
---
 init/fapolicyd.service |  1 -
 src/daemon/fapolicyd.c | 11 ++++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/init/fapolicyd.service b/init/fapolicyd.service
index 831b5ff8..a5a6a3fc 100644
--- a/init/fapolicyd.service
+++ b/init/fapolicyd.service
@@ -6,7 +6,6 @@ Documentation=man:fapolicyd(8)
 
 [Service]
 OOMScoreAdjust=-1000
-LimitNOFILE=16384
 Type=forking
 PIDFile=/run/fapolicyd.pid
 ExecStartPre=/usr/sbin/fagenrules
diff --git a/src/daemon/fapolicyd.c b/src/daemon/fapolicyd.c
index 454e43b4..173f41c4 100644
--- a/src/daemon/fapolicyd.c
+++ b/src/daemon/fapolicyd.c
@@ -516,12 +516,21 @@ int main(int argc, const char *argv[])
 	limit.rlim_cur = RLIM_INFINITY;
 	limit.rlim_max = RLIM_INFINITY;
 	setrlimit(RLIMIT_FSIZE, &limit);
+	getrlimit(RLIMIT_NOFILE, &limit);
+	if (limit.rlim_max >= 16384)
+		limit.rlim_cur = limit.rlim_max;
+	else
+		limit.rlim_cur = 16834;
 	if (setrlimit(RLIMIT_NOFILE, &limit))
 		msg(LOG_WARNING, "Can't increase file number rlimit - %s",
 		    strerror(errno));
+	else
+		msg(LOG_INFO, "Can handle %u file descriptors", limit.rlim_cur);
 
 	// get more time slices because everything is waiting on us
-	if (nice(-config.nice_val))
+	errno = 0;
+	nice(-config.nice_val);
+	if (errno)
 		msg(LOG_WARNING, "Couldn't adjust priority (%s)",
 				strerror(errno));