add workaround for low nproc limit for confined root user (#432903)

2013-03-14 16:59:47 +01:00 · 2013-03-14 16:59:47 +01:00 · 21cc104fe0
parent c6b26088e2
commit 21cc104fe0
4 changed files with 26 additions and 14 deletions
--- a/90-nproc.conf
+++ b/90-nproc.conf
@ -3,3 +3,4 @@
 # See rhbz #432903 for reasoning.

 *          soft    nproc     1024
+root       soft    nproc     unlimited
--- a/pam-1.1.5-limits-user.patch
+++ b/pam-1.1.5-limits-user.patch
@ -1,12 +0,0 @@
-diff -up Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.5/modules/pam_limits/limits.conf
--- Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits	2011-06-21 11:04:56.000000000 +0200
-+++ Linux-PAM-1.1.5/modules/pam_limits/limits.conf	2011-12-21 09:09:17.000000000 +0100
-@@ -1,5 +1,8 @@
- # /etc/security/limits.conf
- #
-+#This file sets the resource limits for the users logged in via PAM.
-+#It does not affect resource limits of the system services.
-+#
- #Each line describes a limit for a user in the form:
- #
- #<domain>        <type>  <item>  <value>
--- a/pam-1.1.6-limits-user.patch
+++ b/pam-1.1.6-limits-user.patch
@ -0,0 +1,20 @@
+diff -up Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.6/modules/pam_limits/limits.conf
+--- Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits	2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_limits/limits.conf	2013-03-14 16:43:37.615087671 +0100
+@@ -1,5 +1,16 @@
+ # /etc/security/limits.conf
+ #
+#This file sets the resource limits for the users logged in via PAM.
+#It does not affect resource limits of the system services.
+#
+#Also note that configuration files in /etc/security/limits.d directory,
+#which are read in alphabetical order, override the settings in this
+#file in case the domain is the same or more specific.
+#That means for example that setting a limit for wildcard domain here
+#can be overriden with a wildcard setting in a config file in the
+#subdirectory, but a user specific setting here can be overriden only
+#with a user specific setting in the subdirectory.
+#
+ #Each line describes a limit for a user in the form:
+ #
+ #<domain>        <type>  <item>  <value>
--- a/pam.spec
+++ b/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.6
-Release: 6%{?dist}
+Release: 7%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -37,7 +37,7 @@ Patch9:  pam-1.1.6-noflex.patch
 Patch10: pam-1.1.3-nouserenv.patch
 Patch11: pam-1.1.3-console-abstract.patch
 Patch12: pam-1.1.3-faillock-screensaver.patch
-Patch13: pam-1.1.5-limits-user.patch
+Patch13: pam-1.1.6-limits-user.patch
 Patch14: pam-1.1.6-audit-data.patch
 Patch15: pam-1.1.6-full-relro.patch
 # FIPS related - non upstreamable
@ -383,6 +383,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html

 %changelog
+* Thu Mar 14 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-7
+- add workaround for low nproc limit for confined root user (#432903)
+
 * Thu Feb 21 2013 Karsten Hopp <karsten@redhat.com> 1.1.6-6
 - add support for ppc64p7 arch (Power7 optimized)