"man rctl.conf" describes the example of loginclass:testing:nproc:deny=100/user # At most 100 processes per user There is no resource nproc, rather maxproc should be used. A corrected example would be loginclass:userlo:maxproc:deny=100/user Thankyou.
I opened a review for a patch here: https://reviews.freebsd.org/D40885
(In reply to Benedict Reuschling from comment #1) I performed testing as follows: # rctl -a loginclass:userhi:maxproc:deny=3/user # rctl loginclass:userlo:maxproc:deny=3/user Two simultaineous login sessions were initiated. One session ran top. The other session performed the following: $ cc /tmp/a.c -sh: Cannot fork: Resource temporarily unavailable $ top -sh: Cannot fork: Resource temporarily unavailable Obviously fourth process was denied. The audit log also captured: failure : Resource temporarily unavailable Apologies for using my "userlo" class, it should've been "testing", so a corrected suggestion is: loginclass:testing:maxproc:deny=100/user # At most 100 processes per user PS the man page for auditd incorrectly contains: asl, libauditd, launchd in its 'See Also' section. They don't exit.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=07b2c79cc6c782ae57b6287688338d0ac3941e66 commit 07b2c79cc6c782ae57b6287688338d0ac3941e66 Author: Benedict Reuschling <bcr@FreeBSD.org> AuthorDate: 2023-10-06 09:02:30 +0000 Commit: Benedict Reuschling <bcr@FreeBSD.org> CommitDate: 2023-10-06 09:02:30 +0000 Correct the example: use maxproc instead of nonexistent nproc Reported by: dewayne@heuristicsystems.com.au PR: 272357 Differential Revision: https://reviews.freebsd.org/D40885 share/man/man5/rctl.conf.5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
I've committed a patch to fix the man page. Can you submit a new PR to track the changes that you want to see in auditd? We can discuss the change there instead of this unrelated change. Thanks for submitting this problem report.