>Number:         35021
>Category:       kern
>Synopsis:       root cannot get/set rlimit information of user processes through sysctl
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 08 20:25:00 +0000 2006
>Originator:     Brian de Alwis
>Release:        NetBSD 4.99.3 (as of 2006/11/07)
>Organization:
  Brian de Alwis | Software Practices Lab | UBC | http://www.cs.ubc.ca/~bsd/
      "Amusement to an observing mind is study." - Benjamin Disraeli
>Environment:
System: NetBSD monolith 4.99.3 NetBSD 4.99.3 (LAPTOP.MPACPI) #3: Tue Nov 7 19:51:13 CST 2006 bsd@monolith:/usr/obj/sys/arch/i386/compile/LAPTOP.MPACPI i386
Architecture: i386
Machine: i386
    This is GENERIC.MPACPI with some PCI* options for my machine.
>Description:
	Root is no longer able to get or set rlimit information for
	user processes using the sysctl interface.  Any attempts are
	rebuffed with an EPERM.  This happens using a root shell
	obtained from sudo

	The problem is in kern/kern_resource.c's sysctl_proc_plimit
	where the call to sysctl_proc_findproc fails.

	This behaviour was introduced sometime after the beginning of August.

>How-To-Repeat:
	As a user (using /bin/sh), set the hard datalimit to 256MB:
	$ ulimit -d 256000
	$ echo $$
	2657
	$

	As root, try to raise hard datalimit for proc 2657 to 384M
	# sysctl -w 'proc.2657.rlimit.datasize.hard=402653184'
	sysctl: proc.2657.rlimit.datasize.hard: sysctl() failed with Operation not permitted
	#

>Fix:
	<how to correct or work around the problem, if known (multiple lines)>