ChangeSet@1.1136.73.2 2003-12-02 11:58:06-02:00 neilb at unsw.edu.au [PATCH] Make root a special case for per-user process limits. This is needed because when a setuid-root program calls setuid(0) to become really-root, p->user becomes root_user, but ->rlim stays as the original user's limit, and now the process cannot fork - becuase root has more processes than the original user had. The real problem is that NPROC is not really a per-process limit, but its a per-user limit, and including it with the rlim structure was not a good idea :-( This fix is already in 2.6 --- linux-2.4.23/kernel/fork.c.orig Tue Dec 9 00:38:16 2003 +++ linux-2.4.23/kernel/fork.c Tue Dec 9 00:38:59 2003 @@ -669,6 +669,7 @@ * than the amount of processes root is running. -- Rik */ if (atomic_read(&p->user->processes) >= p->rlim[RLIMIT_NPROC].rlim_cur + && p->user != &root_user && !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) goto bad_fork_free;