Of course, that patch got the RTLMIT_NICE range wrong :p
Attatched patch properly limits the "nice" value to the range of [-20, 19].
diff -ru pam-0.79/Linux-PAM/modules/pam_limits/pam_limits.c pam-0.79.rtlimit/Linux-PAM/modules/pam_limits/pam_limits.c
--- pam-0.79/Linux-PAM/modules/pam_limits/pam_limits.c 2005-09-27 21:11:36.000000000 -0400
+++ pam-0.79.rtlimit/Linux-PAM/modules/pam_limits/pam_limits.c 2005-09-28 20:43:01.000000000 -0400
@@ -327,6 +327,14 @@
else if (strcmp(lim_item, "msgqueue") == 0)
limit_item = RLIMIT_MSGQUEUE;
#endif
+#ifdef RLIMIT_RTPRIO
+ else if (strcmp(lim_item, "rt_prio") == 0)
+ limit_item = RLIMIT_RTPRIO;
+#endif
+#ifdef RLIMIT_NICE
+ else if (strcmp(lim_item, "nice") == 0)
+ limit_item = RLIMIT_NICE;
+#endif
else if (strcmp(lim_item, "maxlogins") == 0) {
limit_item = LIMIT_LOGIN;
pl->flag_numsyslogins = 0;
@@ -399,6 +407,15 @@
#endif
limit_value *= 1024;
break;
+#ifdef RLIMIT_NICE
+ case RLIMIT_NICE:
+ if (limit_value > 19)
+ limit_value = 19;
+ if (limit_value < -20)
+ limit_value = -20;
+ limit_value = 19 - limit_value;
+ break;
+#endif
}
if ( (limit_item != LIMIT_LOGIN)
diff -ru pam-0.79/Linux-PAM/modules/pam_limits/README pam-0.79.rtlimit/Linux-PAM/modules/pam_limits/README
--- pam-0.79/Linux-PAM/modules/pam_limits/README 2005-01-10 05:09:51.000000000 -0500
+++ pam-0.79.rtlimit/Linux-PAM/modules/pam_limits/README 2005-09-27 22:15:01.000000000 -0400
@@ -42,6 +42,9 @@
- sigpending - max number of pending signals (Linux 2.6 and higher)
- msgqueue - max memory used by POSIX message queues (bytes)
(Linux 2.6 and higher)
+ - nice - max nice priority allowed to raise to. (Linux 2.6.12 and higher)
+ - rtprio - max realtime priority allowed for non-priviledged processes
+ (Linux 2.6.12 and higher)
Note, if you specify a type of '-' but neglect to supply the item and
value fields then the module will never enforce any limits on the
