* [PATCH] rlimit_nproc @ 2001-12-27 20:18 Rik van Riel 2001-12-27 20:35 ` Linus Torvalds 0 siblings, 1 reply; 7+ messages in thread From: Rik van Riel @ 2001-12-27 20:18 UTC (permalink / raw) To: Linus Torvalds; +Cc: linux-kernel Hi, (not yet automated, scripts need to be written ... but the patch below would be a typical candidate ... are you happy with the way the description and patch are combined ?) When a user has a low RLIMIT_NPROC set in limits.conf, the user fails to log in. This is because the programs using pam basically do the following: 1) apply rlimits, setting RLIMIT_NPROC to eg. 10 2) fork() to spawn the shell, which fails if root has more processes running than the per-user limit 3) change to the user's UID 4) exec() the shell This patch ignores the limit for root so it's possible to use limit on the amount of processes per user again. This is also a good thing because the processes it ignores change UID again. Server processes running as root need to do their own limiting anyway, otherwise they'd just starve out the proverbial root shell. --- linux/kernel/fork.c.orig Fri Jun 22 20:27:27 2001 +++ linux/kernel/fork.c Fri Jun 22 20:52:41 2001 @@ -576,7 +576,14 @@ *p = *current; retval = -EAGAIN; - if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur) + /* + * Check if we are over our maximum process limit, but be sure to + * exclude root. This is needed to make it possible for login and + * friends to set the per-user process limit to something lower + * than the amount of processes root is running. -- Rik + */ + if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur + && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) goto bad_fork_free; atomic_inc(&p->user->__count); atomic_inc(&p->user->processes); ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] rlimit_nproc 2001-12-27 20:18 [PATCH] rlimit_nproc Rik van Riel @ 2001-12-27 20:35 ` Linus Torvalds 2001-12-27 21:35 ` Legacy Fishtank 0 siblings, 1 reply; 7+ messages in thread From: Linus Torvalds @ 2001-12-27 20:35 UTC (permalink / raw) To: Rik van Riel; +Cc: linux-kernel On Thu, 27 Dec 2001, Rik van Riel wrote: > > (not yet automated, scripts need to be written ... but the patch > below would be a typical candidate ... are you happy with the way > the description and patch are combined ?) Looks fine, except for the fact that nowhere did it say which kernel version the patch was generated against. Which is often a rather important clue ;) Now if you automate this, I would suggest adding a section in between the explanation and the patch: the "diffstat" output of the patch. It doesn't matter much for this example, because obviously the patch is small enough that just scrolling down shows what's up, but.. I would also suggest that whatever activates the patch asks for a subject-line that is more than 12 characters long ;) Also worthwhile for automation is an md5sum or similar (for verifying that the mail made it though the mail system unscathed). A pgp signature would be even better, of course - especially useful as I suspect it would be good to also cc the things to some patch-list, and having a clear identity on the sender is always a good idea in these things. Linus ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] rlimit_nproc 2001-12-27 20:35 ` Linus Torvalds @ 2001-12-27 21:35 ` Legacy Fishtank 2001-12-28 23:53 ` Daniel Phillips 0 siblings, 1 reply; 7+ messages in thread From: Legacy Fishtank @ 2001-12-27 21:35 UTC (permalink / raw) To: Linus Torvalds; +Cc: Rik van Riel, linux-kernel On Thu, Dec 27, 2001 at 12:35:38PM -0800, Linus Torvalds wrote: > Also worthwhile for automation is an md5sum or similar (for verifying that > the mail made it though the mail system unscathed). A pgp signature would > be even better, of course - especially useful as I suspect it would be > good to also cc the things to some patch-list, and having a clear identity > on the sender is always a good idea in these things. I've been thinking that a "patches@kernel.org" dumping ground would be useful. This is NOT intended as a patch tracker. This is NOT intended as a substitution for submitting the patch to you, but instead intended as a patch archive that doesn't go away. We have seen linux-kernel archives come and go, or drop messages. But a patch archive would be useful... I'm not sure a mailing list proper is right for the job, since I want to support the reception and archiving of multi-megabyte patches at times. Jeff ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] rlimit_nproc 2001-12-27 21:35 ` Legacy Fishtank @ 2001-12-28 23:53 ` Daniel Phillips 2001-12-29 18:13 ` Oliver Xymoron 0 siblings, 1 reply; 7+ messages in thread From: Daniel Phillips @ 2001-12-28 23:53 UTC (permalink / raw) To: Legacy Fishtank, Linus Torvalds; +Cc: Rik van Riel, linux-kernel On December 27, 2001 10:35 pm, Legacy Fishtank wrote: > On Thu, Dec 27, 2001 at 12:35:38PM -0800, Linus Torvalds wrote: > > Also worthwhile for automation is an md5sum or similar (for verifying that > > the mail made it though the mail system unscathed). A pgp signature would > > be even better, of course - especially useful as I suspect it would be > > good to also cc the things to some patch-list, and having a clear identity > > on the sender is always a good idea in these things. > > I've been thinking that a "patches@kernel.org" dumping ground would be > useful. > > This is NOT intended as a patch tracker. This is NOT intended as a > substitution for submitting the patch to you, but instead intended > as a patch archive that doesn't go away. We have seen linux-kernel > archives come and go, or drop messages. But a patch archive would be > useful... I'm not sure a mailing list proper is right for the job, > since I want to support the reception and archiving of multi-megabyte > patches at times. Exactly what I was thinking of: 'linux-patches@kernel.org'. The idea is, instead of putting [PATCH] on your subject line and cc'ing it to Linus, you mail it to linux-patches with a cc to lkml if you like (depending on size of patch, how interesting, etc). In any event, linux-patches will forward a copy to Linus. -- Daniel ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] rlimit_nproc 2001-12-28 23:53 ` Daniel Phillips @ 2001-12-29 18:13 ` Oliver Xymoron 2001-12-29 18:49 ` Daniel Phillips 0 siblings, 1 reply; 7+ messages in thread From: Oliver Xymoron @ 2001-12-29 18:13 UTC (permalink / raw) To: Daniel Phillips Cc: Legacy Fishtank, Linus Torvalds, Rik van Riel, linux-kernel On Sat, 29 Dec 2001, Daniel Phillips wrote: > On December 27, 2001 10:35 pm, Legacy Fishtank wrote: > > On Thu, Dec 27, 2001 at 12:35:38PM -0800, Linus Torvalds wrote: > > > Also worthwhile for automation is an md5sum or similar (for verifying that > > > the mail made it though the mail system unscathed). A pgp signature would > > > be even better, of course - especially useful as I suspect it would be > > > good to also cc the things to some patch-list, and having a clear identity > > > on the sender is always a good idea in these things. > > > > I've been thinking that a "patches@kernel.org" dumping ground would be > > useful. > > > > This is NOT intended as a patch tracker. This is NOT intended as a > > substitution for submitting the patch to you, but instead intended > > as a patch archive that doesn't go away. We have seen linux-kernel > > archives come and go, or drop messages. But a patch archive would be > > useful... I'm not sure a mailing list proper is right for the job, > > since I want to support the reception and archiving of multi-megabyte > > patches at times. > > Exactly what I was thinking of: 'linux-patches@kernel.org'. The idea is, > instead of putting [PATCH] on your subject line and cc'ing it to Linus, you > mail it to linux-patches with a cc to lkml if you like (depending on size of > patch, how interesting, etc). In any event, linux-patches will forward a > copy to Linus. You of course need something like -2.4 and -2.5. -- "Love the dolphins," she advised him. "Write by W.A.S.T.E.." ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] rlimit_nproc 2001-12-29 18:13 ` Oliver Xymoron @ 2001-12-29 18:49 ` Daniel Phillips 2001-12-29 19:12 ` Oliver Xymoron 0 siblings, 1 reply; 7+ messages in thread From: Daniel Phillips @ 2001-12-29 18:49 UTC (permalink / raw) To: Oliver Xymoron Cc: Legacy Fishtank, Linus Torvalds, Rik van Riel, linux-kernel On December 29, 2001 07:13 pm, Oliver Xymoron wrote: > On Sat, 29 Dec 2001, Daniel Phillips wrote: > > > On December 27, 2001 10:35 pm, Legacy Fishtank wrote: > > > On Thu, Dec 27, 2001 at 12:35:38PM -0800, Linus Torvalds wrote: > > > > Also worthwhile for automation is an md5sum or similar (for verifying that > > > > the mail made it though the mail system unscathed). A pgp signature would > > > > be even better, of course - especially useful as I suspect it would be > > > > good to also cc the things to some patch-list, and having a clear identity > > > > on the sender is always a good idea in these things. > > > > > > I've been thinking that a "patches@kernel.org" dumping ground would be > > > useful. > > > > > > This is NOT intended as a patch tracker. This is NOT intended as a > > > substitution for submitting the patch to you, but instead intended > > > as a patch archive that doesn't go away. We have seen linux-kernel > > > archives come and go, or drop messages. But a patch archive would be > > > useful... I'm not sure a mailing list proper is right for the job, > > > since I want to support the reception and archiving of multi-megabyte > > > patches at times. > > > > Exactly what I was thinking of: 'linux-patches@kernel.org'. The idea is, > > instead of putting [PATCH] on your subject line and cc'ing it to Linus, you > > mail it to linux-patches with a cc to lkml if you like (depending on size of > > patch, how interesting, etc). In any event, linux-patches will forward a > > copy to Linus. > > You of course need something like -2.4 and -2.5. Yes: linux-patches-2.0@kernel.org linux-patches-2.2@kernel.org linux-patches-2.4@kernel.org linux-patches-2.5@kernel.org Now... conventions for the subject line? By the way, this to me is really a 'bot'. The bulk of the proposals in this thread seem more like tools. -- Daniel ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] rlimit_nproc 2001-12-29 18:49 ` Daniel Phillips @ 2001-12-29 19:12 ` Oliver Xymoron 0 siblings, 0 replies; 7+ messages in thread From: Oliver Xymoron @ 2001-12-29 19:12 UTC (permalink / raw) To: Daniel Phillips Cc: Legacy Fishtank, Linus Torvalds, Rik van Riel, linux-kernel On Sat, 29 Dec 2001, Daniel Phillips wrote: > > You of course need something like -2.4 and -2.5. > > Yes: > > linux-patches-2.0@kernel.org > linux-patches-2.2@kernel.org > linux-patches-2.4@kernel.org > linux-patches-2.5@kernel.org > > Now... conventions for the subject line? Subjects should be human-readable and descriptive. If they're going to Linux-kernel, they should contain [patch]. I don't think you can realistically ask for much more unless you put something behind it capable of rejecting non-conformers. -- "Love the dolphins," she advised him. "Write by W.A.S.T.E.." ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2001-12-29 19:13 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2001-12-27 20:18 [PATCH] rlimit_nproc Rik van Riel 2001-12-27 20:35 ` Linus Torvalds 2001-12-27 21:35 ` Legacy Fishtank 2001-12-28 23:53 ` Daniel Phillips 2001-12-29 18:13 ` Oliver Xymoron 2001-12-29 18:49 ` Daniel Phillips 2001-12-29 19:12 ` Oliver Xymoron
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).