#917374 pam: 027_pam_limits_better_init_allow_explicit_root is having serious negative interactions with systemd 240

Package:
src:pam
Source:
pam
Submitter:
Christian Weeks
Date:
2024-05-26 00:21:04 UTC
Severity:
important
Tags:
#917374#5
Date:
2018-12-26 19:11:23 UTC
From:
To:
Dear Maintainer,

The systemd 240 update has changed the handling of NOFILE for the init process and processes it directly spawns.

See: https://github.com/systemd/systemd/pull/10244

Unfortunately, it seems that the patch above, which is forcing NOFILE to "infinity" (effectively 1G?), is now having a serious adverse effect on various processes that are spawned by systemd directly, see: https://github.com/systemd/systemd/issues/10921
and a KDE init bug similarly.

I can't find a bug reporting this to Debian, even though the root cause seems to be this patch to force "infinity" onto PID 1.

Hope this helps.

#917374#10
Date:
2019-02-12 06:01:21 UTC
From:
To:
Hello,

I am aware of https://github.com/systemd/systemd/issues/10921 and see that
you commented on that PR before you filed this one here, but you have
attributed the root cause to the wrong patch.  Retitling this bug.

This will take some time to fix correctly; I don't agree with systemd
upstream's analysis that PAM should not reset limits, but clearly the limits
we are ending up with have negative consequences at present.

I think it is also unequivocally a bug in the other packages to perform any
operations based on the NOFILE hard limit instead of the soft limit, and
those packages should also be fixed regardless as this is a latent bug
whether or not we change the default hard limit in Debian back down.
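
The soft-versus-hard limit point made in the message above, as an added example that is not part of the bug report or of any package it mentions: a close-all-descriptors loop bounded by the RLIMIT_NOFILE soft limit rather than the hard limit. The helper names `fd_upper_bound` and `close_fds_from` are hypothetical.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/resource.h>

/* Exclusive upper bound for descriptor numbers: the soft limit.
 * open()/dup() never return a number at or above rlim_cur. The hard
 * limit (rlim_max) is only a ceiling for raising the soft limit and
 * may be "infinity"-sized, so it is never used as a loop bound. */
static long fd_upper_bound(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur == RLIM_INFINITY)
        return -1;
    return (long)rl.rlim_cur;
}

/* Close every descriptor >= lowfd, as a daemon does before exec.
 * Returns how many were actually open, or -1 on error.
 * Caveat: descriptors opened before the soft limit was lowered can sit
 * above it, so a caller that lowers the limit should close first. */
static int close_fds_from(int lowfd)
{
    long bound = fd_upper_bound();
    int closed = 0;

    if (bound < 0 || lowfd < 0)
        return -1;
    for (long fd = lowfd; fd < bound; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

int main(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return 1;
    printf("soft=%llu hard=%llu\n",
           (unsigned long long)rl.rlim_cur, (unsigned long long)rl.rlim_max);
    printf("closed %d descriptors\n", close_fds_from(3));
    return 0;
}
```

With a hard limit near 1G, the same loop written against `rlim_max` would issue roughly a billion `close()` calls; bounded by the soft limit it stays proportional to what the process can actually hold open.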

#917374#21
Date:
2021-06-28 12:59:42 UTC
From:
To:
PAM Bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990412

#917374#28
Date:
2024-05-26 00:17:34 UTC
From:
To:
On Thu, 7 Oct 2021 23:06:34 +0200 Chris Hofstaedtler <zeha@debian.org> wrote:
outcome, it will
package) so that
"pam_limits.so".
might be a
and
way
if pid 1
set_all)
pick it up

In 2.38 util-linux started setting some defaults in su, so I don't
think the original downstream change is needed anymore:

https://github.com/util-linux/util-linux/commit/08273c672b105602e1a9031160ccefec171b02ed

I am going to revert the change from #917167 that stopped the default
fd limit from being bumped, sometime next week. If changes are needed
to deal with this in the pam/util-linux config/patches, I would
appreciate it if they could please be taken care of for Trixie. Thanks.