Bug 229994 - vncserver does not honor /etc/security/limits.conf
vncserver does not honor /etc/security/limits.conf
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: vnc (Show other bugs)
4.4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Adam Tkac
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-25 11:58 EST by Rainer Traut
Modified: 2013-04-30 19:35 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-22 07:24:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Rainer Traut 2007-02-25 11:58:21 EST
Description of problem:
vncserver does not honor /etc/security/limits.conf
E.g. setting nofile in /etc/security/limits.conf for an user and running the
vncserver init script the user is not alloed to open the set file limits.

Version-Release number of selected component (if applicable):
vnc-server-4.0-8.1

How reproducible:
always

Steps to Reproduce:
1. 
# cat /etc/security/limits.conf |grep nofile
tr              soft    nofile          4000
tr              hard    nofile          40000

# cat /etc/sysconfig/vncservers|grep tr
VNCSERVERS="2:tr"
VNCSERVERARGS[2]="-geometry 1152x864"

2. 
service vncserver start

3.
Connect to the session and watch the limits:
$ ulimit -n
1024

  
Actual results:
$ ulimit -n
1024

Expected results:
$ ulimit -n
40000


Additional info:
This is maybe a runuser problem as it does not use pam.
Using su instead of runuser in the initscript works.
Comment 4 Adam Tkac 2007-05-22 07:24:52 EDT
I discussed this problem with Daniel Walsh (selinux expert) and substitude
runuser by su could cause problems.

(from dwalsh: If su has the pam_selinux.so line in it with multiple specified, 
It could cause problems.)

For this I must close this bug. See also
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134594

Regards, Adam

Note You need to log in before you can comment on or make changes to this bug.