From 457927f4210a0c41289521d55617b6d6bb6a46e0 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 17 Feb 2012 12:14:39 -0500 Subject: RESPONDERS: Make the fd_limit setting configurable This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197 --- src/responder/common/responder_common.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'src/responder/common') diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 94a9fdb63..a9b5d56b0 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -654,7 +654,24 @@ void responder_set_fd_limit(rlim_t fd_limit) struct rlimit current_limit, new_limit; int limret; - /* First determine the maximum hard limit */ + /* First, let's see if we have permission to just set + * the value as-is. + */ + new_limit.rlim_cur = fd_limit; + new_limit.rlim_max = fd_limit; + limret = setrlimit(RLIMIT_NOFILE, &new_limit); + if (limret == 0) { + DEBUG(SSSDBG_CONF_SETTINGS, + ("Maximum file descriptors set to [%d]\n", + new_limit.rlim_cur)); + return; + } + + /* We couldn't set the soft and hard limits to this + * value. Let's see how high we CAN set it. + */ + + /* Determine the maximum hard limit */ limret = getrlimit(RLIMIT_NOFILE, ¤t_limit); if (limret == 0) { DEBUG(SSSDBG_TRACE_INTERNAL, -- cgit