On Tue, 6 Jun 2006, Jeremy C. Reed wrote:

> I think a fix for this problem would be to do a double fork. Do the second
> fork after the setusercontext(). This second fork will correctly fail if
> over the maxproc for example. (And examples of doing a double fork for
> this purpose?)

It might incorrectly fail also (if nproc == maxproc)

> Or should a userland program check the resource settings itself? (Any
> examples of that?)
>
> Or is it acceptable for programs to go over (ignore) the defined maxproc?

If it is actually a problem, then I would say that the correct place to
check it would be under setuid() somewhere (probably do_setresuid() in
sys/kern/kern_prot.c?), and return EPROCLIM if the operation would exceed
limits.  I couldnt say if that would have other implications though..

iain