From: Matthew Mondor <mmondor@pulsar-zone.net>
Date: Thu, 16 Jul 2015 04:01:28 +0000 (+0000)
Subject: *** empty log message ***
X-Git-Url: http://git.pulsar-zone.net/?a=commitdiff_plain;h=c25b958d5349e57f74851237a15d1ab94f0bede6;p=mmondor.git

*** empty log message ***
---

diff --git a/netbsd/netbsd_improvements.txt b/netbsd/netbsd_improvements.txt
index 6886496..edb0061 100644
--- a/netbsd/netbsd_improvements.txt
+++ b/netbsd/netbsd_improvements.txt
@@ -10,6 +10,20 @@ Status, defined by the first column:
 * The fix that was submitted via PR was accepted and commited.
 
 
+- Daemons run via boot init scripts which themselves drop privileges without
+  necessarily calling login(1) do not inherit any rlimit set in login.conf(5)
+  (neither from the default class nor from the class of the unprivileged
+  user that is setuid(2)s to).
+  Therefore, configuring limits in login.conf(5) is not always useful or
+  sufficient.
+  Because rlimits are inherited at fork(2), it would probably be adequate
+  for init(8) to also at least load and apply rlimits from the default class.
+  It is possible to modify default rlimit values via options(4) (some of that
+  documentation needs updating too, like OPEN_MAX which is no longer 64
+  today), but this requires kernel recompilation.  If possible, sysctl(8)
+  knobs should be provided to permit to change this default value instead.  If
+  this worked, init(8) would not need to be modified.
+
 - csh(1) will reach the heap limit if given the following command:
   "yes `yes maybe`" and similar.
   psave() should ideally respect the ARG_MAX exec(2) limit, and it probably