3 files changed, 42 insertions, 3 deletions

diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 94a9fdb6..a9b5d56b 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -654,7 +654,24 @@ void responder_set_fd_limit(rlim_t fd_limit)
     struct rlimit current_limit, new_limit;
     int limret;
 
-    /* First determine the maximum hard limit */
+    /* First, let's see if we have permission to just set
+     * the value as-is.
+     */
+    new_limit.rlim_cur = fd_limit;
+    new_limit.rlim_max = fd_limit;
+    limret = setrlimit(RLIMIT_NOFILE, &new_limit);
+    if (limret == 0) {
+        DEBUG(SSSDBG_CONF_SETTINGS,
+              ("Maximum file descriptors set to [%d]\n",
+               new_limit.rlim_cur));
+        return;
+    }
+
+    /* We couldn't set the soft and hard limits to this
+     * value. Let's see how high we CAN set it.
+     */
+
+    /* Determine the maximum hard limit */
     limret = getrlimit(RLIMIT_NOFILE, &current_limit);
     if (limret == 0) {
         DEBUG(SSSDBG_TRACE_INTERNAL,
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index 3c23f1bf..ef66b22f 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -251,6 +251,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
     struct nss_ctx *nctx;
     int ret, max_retries;
     int hret;
+    int fd_limit;
 
     nctx = talloc_zero(mem_ctx, struct nss_ctx);
     if (!nctx) {
@@ -309,7 +310,17 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
     }
 
     /* Set up file descriptor limits */
-    responder_set_fd_limit(DEFAULT_NSS_FD_LIMIT);
+    ret = confdb_get_int(nctx->rctx->cdb, nctx->rctx,
+                         CONFDB_NSS_CONF_ENTRY,
+                         CONFDB_SERVICE_FD_LIMIT,
+                         DEFAULT_NSS_FD_LIMIT,
+                         &fd_limit);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              ("Failed to set up file descriptor limit\n"));
+        return ret;
+    }
+    responder_set_fd_limit(fd_limit);
 
     DEBUG(1, ("NSS Initialization complete\n"));
 
diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
index 2786fe4e..6cb564a7 100644
--- a/src/responder/pam/pamsrv.c
+++ b/src/responder/pam/pamsrv.c
@@ -111,6 +111,7 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
     struct pam_ctx *pctx;
     int ret, max_retries;
     int id_timeout;
+    int fd_limit;
 
     pctx = talloc_zero(mem_ctx, struct pam_ctx);
     if (!pctx) {
@@ -186,7 +187,17 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
     }
 
     /* Set up file descriptor limits */
-    responder_set_fd_limit(DEFAULT_PAM_FD_LIMIT);
+    ret = confdb_get_int(pctx->rctx->cdb, pctx->rctx,
+                         CONFDB_PAM_CONF_ENTRY,
+                         CONFDB_SERVICE_FD_LIMIT,
+                         DEFAULT_PAM_FD_LIMIT,
+                         &fd_limit);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_FATAL_FAILURE,
+              ("Failed to set up file descriptor limit\n"));
+        return ret;
+    }
+    responder_set_fd_limit(fd_limit);
 
     ret = EOK;