add workaround for low nproc limit for confined root user (#432903)

This commit is contained in:
Tomas Mraz 2013-03-14 16:59:47 +01:00
parent c6b26088e2
commit 21cc104fe0
4 changed files with 26 additions and 14 deletions

View File

@ -3,3 +3,4 @@
# See rhbz #432903 for reasoning. # See rhbz #432903 for reasoning.
* soft nproc 1024 * soft nproc 1024
root soft nproc unlimited

View File

@ -1,12 +0,0 @@
diff -up Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.5/modules/pam_limits/limits.conf
--- Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits 2011-06-21 11:04:56.000000000 +0200
+++ Linux-PAM-1.1.5/modules/pam_limits/limits.conf 2011-12-21 09:09:17.000000000 +0100
@@ -1,5 +1,8 @@
# /etc/security/limits.conf
#
+#This file sets the resource limits for the users logged in via PAM.
+#It does not affect resource limits of the system services.
+#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>

View File

@ -0,0 +1,20 @@
diff -up Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.6/modules/pam_limits/limits.conf
--- Linux-PAM-1.1.6/modules/pam_limits/limits.conf.limits 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_limits/limits.conf 2013-03-14 16:43:37.615087671 +0100
@@ -1,5 +1,16 @@
# /etc/security/limits.conf
#
+#This file sets the resource limits for the users logged in via PAM.
+#It does not affect resource limits of the system services.
+#
+#Also note that configuration files in /etc/security/limits.d directory,
+#which are read in alphabetical order, override the settings in this
+#file in case the domain is the same or more specific.
+#That means for example that setting a limit for wildcard domain here
+#can be overriden with a wildcard setting in a config file in the
+#subdirectory, but a user specific setting here can be overriden only
+#with a user specific setting in the subdirectory.
+#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>

View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.1.6 Version: 1.1.6
Release: 6%{?dist} Release: 7%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -37,7 +37,7 @@ Patch9: pam-1.1.6-noflex.patch
Patch10: pam-1.1.3-nouserenv.patch Patch10: pam-1.1.3-nouserenv.patch
Patch11: pam-1.1.3-console-abstract.patch Patch11: pam-1.1.3-console-abstract.patch
Patch12: pam-1.1.3-faillock-screensaver.patch Patch12: pam-1.1.3-faillock-screensaver.patch
Patch13: pam-1.1.5-limits-user.patch Patch13: pam-1.1.6-limits-user.patch
Patch14: pam-1.1.6-audit-data.patch Patch14: pam-1.1.6-audit-data.patch
Patch15: pam-1.1.6-full-relro.patch Patch15: pam-1.1.6-full-relro.patch
# FIPS related - non upstreamable # FIPS related - non upstreamable
@ -383,6 +383,9 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Thu Mar 14 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-7
- add workaround for low nproc limit for confined root user (#432903)
* Thu Feb 21 2013 Karsten Hopp <karsten@redhat.com> 1.1.6-6 * Thu Feb 21 2013 Karsten Hopp <karsten@redhat.com> 1.1.6-6
- add support for ppc64p7 arch (Power7 optimized) - add support for ppc64p7 arch (Power7 optimized)