aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdam Tkac <vonsch@gmail.com>2008-10-16 01:01:45 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-10-16 14:21:31 -0400
commit0c2d64fb6cae9aae480f6a46cfe79f8d7d48b59f (patch)
treef0080c63a78a021cc3404e12e205e3b82e982427
parentb4236f81f2347096df650fb072f50d67bb6066a2 (diff)
rlimit: permit setting RLIMIT_NOFILE to RLIM_INFINITY
When a process wants to set the limit of open files to RLIM_INFINITY it gets EPERM even if it has CAP_SYS_RESOURCE capability. For example, BIND does: ... #elif defined(NR_OPEN) && defined(__linux__) /* * Some Linux kernels don't accept RLIM_INFINIT; the maximum * possible value is the NR_OPEN defined in linux/fs.h. */ if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { rl.rlim_cur = rl.rlim_max = NR_OPEN; unixresult = setrlimit(unixresource, &rl); if (unixresult == 0) return (ISC_R_SUCCESS); } #elif ... If we allow setting RLIMIT_NOFILE to RLIM_INFINITY we increase portability - you don't have to check if OS is linux and then use different schema for limits. The spec says "Specifying RLIM_INFINITY as any resource limit value on a successful call to setrlimit() shall inhibit enforcement of that resource limit." and we're presently not doing that. Cc: Michael Kerrisk <mtk.manpages@googlemail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--kernel/sys.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 234d9454294e..d5b79f65ad9b 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1450,14 +1450,22 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit __user *rlim)
1450 return -EINVAL; 1450 return -EINVAL;
1451 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim))) 1451 if (copy_from_user(&new_rlim, rlim, sizeof(*rlim)))
1452 return -EFAULT; 1452 return -EFAULT;
1453 if (new_rlim.rlim_cur > new_rlim.rlim_max)
1454 return -EINVAL;
1455 old_rlim = current->signal->rlim + resource; 1453 old_rlim = current->signal->rlim + resource;
1456 if ((new_rlim.rlim_max > old_rlim->rlim_max) && 1454 if ((new_rlim.rlim_max > old_rlim->rlim_max) &&
1457 !capable(CAP_SYS_RESOURCE)) 1455 !capable(CAP_SYS_RESOURCE))
1458 return -EPERM; 1456 return -EPERM;
1459 if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > sysctl_nr_open) 1457
1460 return -EPERM; 1458 if (resource == RLIMIT_NOFILE) {
1459 if (new_rlim.rlim_max == RLIM_INFINITY)
1460 new_rlim.rlim_max = sysctl_nr_open;
1461 if (new_rlim.rlim_cur == RLIM_INFINITY)
1462 new_rlim.rlim_cur = sysctl_nr_open;
1463 if (new_rlim.rlim_max > sysctl_nr_open)
1464 return -EPERM;
1465 }
1466
1467 if (new_rlim.rlim_cur > new_rlim.rlim_max)
1468 return -EINVAL;
1461 1469
1462 retval = security_task_setrlimit(resource, &new_rlim); 1470 retval = security_task_setrlimit(resource, &new_rlim);
1463 if (retval) 1471 if (retval)