unixd_set_rlimit() doesn't allow RLimit{CPU,NPROC,MEM} to modify
rlim_max if httpd isn't started as root -- even if the value would
decrease rlim_max.
The coment seen in the context of the patch attached below, RLimitXXX
documentation, and setrlimit manual say the restriction should be
that non-root users can't *increase* rlim_max.
(patch copied below)
Index: os/unix/unixd.c
===================================================================
--- os/unix/unixd.c (revision 367782)
+++ os/unix/unixd.c (working copy)
@@ -260,10 +260,13 @@
/* if we aren't running as root, cannot increase max */
if (geteuid()) {
limit->rlim_cur = cur;
- if (max) {
+ if (max && (max > limit->rlim_max)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
"Must be uid 0 to raise maximum %s", cmd->cmd->name);
}
+ else if (max) {
+ limit->rlim_max = max;
+ }
}
else {
if (cur) {
--
Eric Covener
[EMAIL PROTECTED]
Index: os/unix/unixd.c
===================================================================
--- os/unix/unixd.c (revision 367782)
+++ os/unix/unixd.c (working copy)
@@ -260,10 +260,13 @@
/* if we aren't running as root, cannot increase max */
if (geteuid()) {
limit->rlim_cur = cur;
- if (max) {
+ if (max && (max > limit->rlim_max)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server,
"Must be uid 0 to raise maximum %s", cmd->cmd->name);
}
+ else if (max) {
+ limit->rlim_max = max;
+ }
}
else {
if (cur) {
