summaryrefslogtreecommitdiff
path: root/src/responder
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-02-17 12:14:39 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-02-17 14:27:32 -0500
commit457927f4210a0c41289521d55617b6d6bb6a46e0 (patch)
tree39a29f3e1c86d74602eaece4bf146bf3672925dc /src/responder
parent1a63155b0797c2b1963424e5c0f5d3a62f8cc7cc (diff)
downloadsssd-457927f4210a0c41289521d55617b6d6bb6a46e0.tar.gz
sssd-457927f4210a0c41289521d55617b6d6bb6a46e0.tar.bz2
sssd-457927f4210a0c41289521d55617b6d6bb6a46e0.zip
RESPONDERS: Make the fd_limit setting configurable
This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/common/responder_common.c19
-rw-r--r--src/responder/nss/nsssrv.c13
-rw-r--r--src/responder/pam/pamsrv.c13
3 files changed, 42 insertions, 3 deletions
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 94a9fdb6..a9b5d56b 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -654,7 +654,24 @@ void responder_set_fd_limit(rlim_t fd_limit)
struct rlimit current_limit, new_limit;
int limret;
- /* First determine the maximum hard limit */
+ /* First, let's see if we have permission to just set
+ * the value as-is.
+ */
+ new_limit.rlim_cur = fd_limit;
+ new_limit.rlim_max = fd_limit;
+ limret = setrlimit(RLIMIT_NOFILE, &new_limit);
+ if (limret == 0) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Maximum file descriptors set to [%d]\n",
+ new_limit.rlim_cur));
+ return;
+ }
+
+ /* We couldn't set the soft and hard limits to this
+ * value. Let's see how high we CAN set it.
+ */
+
+ /* Determine the maximum hard limit */
limret = getrlimit(RLIMIT_NOFILE, &current_limit);
if (limret == 0) {
DEBUG(SSSDBG_TRACE_INTERNAL,
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 3c23f1bf..ef66b22f 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -251,6 +251,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
struct nss_ctx *nctx;
int ret, max_retries;
int hret;
+ int fd_limit;
nctx = talloc_zero(mem_ctx, struct nss_ctx);
if (!nctx) {
@@ -309,7 +310,17 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
}
/* Set up file descriptor limits */
- responder_set_fd_limit(DEFAULT_NSS_FD_LIMIT);
+ ret = confdb_get_int(nctx->rctx->cdb, nctx->rctx,
+ CONFDB_NSS_CONF_ENTRY,
+ CONFDB_SERVICE_FD_LIMIT,
+ DEFAULT_NSS_FD_LIMIT,
+ &fd_limit);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to set up file descriptor limit\n"));
+ return ret;
+ }
+ responder_set_fd_limit(fd_limit);
DEBUG(1, ("NSS Initialization complete\n"));
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 2786fe4e..6cb564a7 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -111,6 +111,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
struct pam_ctx *pctx;
int ret, max_retries;
int id_timeout;
+ int fd_limit;
pctx = talloc_zero(mem_ctx, struct pam_ctx);
if (!pctx) {
@@ -186,7 +187,17 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
}
/* Set up file descriptor limits */
- responder_set_fd_limit(DEFAULT_PAM_FD_LIMIT);
+ ret = confdb_get_int(pctx->rctx->cdb, pctx->rctx,
+ CONFDB_PAM_CONF_ENTRY,
+ CONFDB_SERVICE_FD_LIMIT,
+ DEFAULT_PAM_FD_LIMIT,
+ &fd_limit);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ ("Failed to set up file descriptor limit\n"));
+ return ret;
+ }
+ responder_set_fd_limit(fd_limit);
ret = EOK;