10 files changed, 286 insertions, 117 deletions

diff --git a/lib/libc/stdlib/Makefile.inc b/lib/libc/stdlib/Makefile.inc
index f9b8fec..86b3c65 100644
--- a/lib/libc/stdlib/Makefile.inc
+++ b/lib/libc/stdlib/Makefile.inc
@@ -6,9 +6,9 @@
 
 MISRCS+=_Exit.c a64l.c abort.c abs.c atexit.c atof.c atoi.c atol.c atoll.c \
 	bsearch.c div.c exit.c getenv.c getopt.c getopt_long.c \
-	getsubopt.c grantpt.c hcreate.c heapsort.c imaxabs.c imaxdiv.c \
+	getsubopt.c hcreate.c heapsort.c imaxabs.c imaxdiv.c \
 	insque.c l64a.c labs.c ldiv.c llabs.c lldiv.c lsearch.c malloc.c \
-	merge.c qsort.c qsort_r.c radixsort.c rand.c random.c \
+	merge.c ptsname.c qsort.c qsort_r.c radixsort.c rand.c random.c \
 	reallocf.c realpath.c remque.c strfmon.c strtoimax.c \
 	strtol.c strtoll.c strtoq.c strtoul.c strtonum.c strtoull.c \
         strtoumax.c strtouq.c system.c tdelete.c tfind.c tsearch.c twalk.c
@@ -21,10 +21,10 @@ SYM_MAPS+= ${.CURDIR}/stdlib/Symbol.map
 .endif
 
 MAN+=	a64l.3 abort.3 abs.3 alloca.3 atexit.3 atof.3 atoi.3 atol.3 bsearch.3 \
-	div.3 exit.3 getenv.3 getopt.3 getopt_long.3 getsubopt.3 grantpt.3 \
+	div.3 exit.3 getenv.3 getopt.3 getopt_long.3 getsubopt.3 \
 	hcreate.3 imaxabs.3 imaxdiv.3 insque.3 labs.3 ldiv.3 llabs.3 lldiv.3 \
-	lsearch.3 malloc.3 memory.3 posix_memalign.3 qsort.3 radixsort.3 \
-	rand.3 random.3 \
+	lsearch.3 malloc.3 memory.3 posix_memalign.3 ptsname.3 qsort.3 \
+	radixsort.3 rand.3 random.3 \
 	realpath.3 strfmon.3 strtod.3 strtol.3 strtonum.3 strtoul.3 system.3 \
 	tsearch.3
 
@@ -33,10 +33,10 @@ MLINKS+=atol.3 atoll.3
 MLINKS+=exit.3 _Exit.3
 MLINKS+=getenv.3 putenv.3 getenv.3 setenv.3 getenv.3 unsetenv.3
 MLINKS+=getopt_long.3 getopt_long_only.3
-MLINKS+=grantpt.3 posix_openpt.3 grantpt.3 ptsname.3 grantpt.3 unlockpt.3
 MLINKS+=hcreate.3 hdestroy.3 hcreate.3 hsearch.3
 MLINKS+=insque.3 remque.3
 MLINKS+=lsearch.3 lfind.3
+MLINKS+=ptsname.3 grantpt.3 ptsname.3 unlockpt.3
 MLINKS+=qsort.3 heapsort.3 qsort.3 mergesort.3 qsort.3 qsort_r.3
 MLINKS+=rand.3 rand_r.3 rand.3 srand.3 rand.3 sranddev.3
 MLINKS+=random.3 initstate.3 random.3 setstate.3 random.3 srandom.3 \
diff --git a/lib/libc/stdlib/Symbol.map b/lib/libc/stdlib/Symbol.map
index 23cb391..10dff7e 100644
--- a/lib/libc/stdlib/Symbol.map
+++ b/lib/libc/stdlib/Symbol.map
@@ -30,7 +30,6 @@ FBSD_1.0 {
 	suboptarg;
 	getsubopt;
 	grantpt;
-	posix_openpt;
 	ptsname;
 	unlockpt;
 	hcreate;
diff --git a/lib/libc/stdlib/grantpt.3 b/lib/libc/stdlib/ptsname.3
index b4ad8c4..b9c7381 100644
--- a/lib/libc/stdlib/grantpt.3
+++ b/lib/libc/stdlib/ptsname.3
@@ -31,14 +31,13 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 23, 2002
+.Dd August 20, 2008
 .Os
-.Dt GRANTPT 3
+.Dt PTSNAME 3
 .Sh NAME
 .Nm grantpt ,
 .Nm ptsname ,
-.Nm unlockpt ,
-.Nm posix_openpt
+.Nm unlockpt
 .Nd pseudo-terminal access functions
 .Sh LIBRARY
 .Lb libc
@@ -50,21 +49,17 @@
 .Fn ptsname "int fildes"
 .Ft int
 .Fn unlockpt "int fildes"
-.In fcntl.h
-.Ft int
-.Fn posix_openpt "int mode"
 .Sh DESCRIPTION
 The
 .Fn grantpt ,
 .Fn ptsname ,
-.Fn unlockpt ,
 and
-.Fn posix_openpt
+.Fn unlockpt
 functions allow access to pseudo-terminal devices.
-The first three functions accept a file descriptor
-that references the master half of a pseudo-terminal pair.
+These three functions accept a file descriptor that references the
+master half of a pseudo-terminal pair.
 This file descriptor is created with
-.Fn posix_openpt .
+.Xr posix_openpt 2 .
 .Pp
 The
 .Fn grantpt
@@ -77,9 +72,7 @@ of the calling process, and the permissions are set to
 user readable-writable and group writable.
 The group owner of the slave device is also set to the
 group
-.Dq Li tty
-if it exists on the system; otherwise, it
-is left untouched.
+.Dq Li tty .
 .Pp
 The
 .Fn ptsname
@@ -88,7 +81,7 @@ counterpart to the master device specified with
 .Fa fildes .
 This value can be used
 to subsequently open the appropriate slave after
-.Fn posix_openpt
+.Xr posix_openpt 2
 and
 .Fn grantpt
 have been called.
@@ -98,22 +91,6 @@ The
 function clears the lock held on the pseudo-terminal pair
 for the master device specified with
 .Fa fildes .
-.Pp
-The
-.Fn posix_openpt
-function opens the first available master pseudo-terminal
-device and returns a descriptor to it.
-The
-.Fa mode
-argument
-specifies the flags used for opening the device:
-.Bl -tag -width ".Dv O_NOCTTY"
-.It Dv O_RDWR
-Open for reading and writing.
-.It Dv O_NOCTTY
-If set, do not allow the terminal to become
-the controlling terminal for the calling process.
-.El
 .Sh RETURN VALUES
 .Rv -std grantpt unlockpt
 .Pp
@@ -122,27 +99,19 @@ The
 function returns a pointer to the name
 of the slave device on success; otherwise a
 .Dv NULL
-pointer is returned and the global variable
-.Va errno
-is set to indicate the error.
-.Pp
-The
-.Fn posix_openpt
-function returns a file descriptor to the first
-available master pseudo-terminal device on success;
-otherwise \-1 is returned and the global variable
-.Va errno
-is set to indicate the error.
+pointer is returned.
 .Sh ERRORS
 The
-.Fn grantpt ,
-.Fn ptsname ,
+.Fn grantpt
 and
 .Fn unlockpt
 functions may fail and set
 .Va errno
 to:
 .Bl -tag -width Er
+.It Bq Er EBADF
+.Fa fildes
+is not a valid open file descriptor.
 .It Bq Er EINVAL
 .Fa fildes
 is not a master pseudo-terminal device.
@@ -157,69 +126,35 @@ to:
 .It Bq Er EACCES
 The slave pseudo-terminal device could not be accessed.
 .El
-.Pp
-The
-.Fn posix_openpt
-function may fail and set
-.Va errno
-to:
-.Bl -tag -width Er
-.It Bq Er EINVAL
-.Fa mode
-consists of an invalid mode bit.
-.It Bq Er EAGAIN
-The system has no available pseudo-terminal devices.
-.El
-.Pp
-The
-.Fn grantpt ,
-.Fn ptsname ,
-and
-.Fn unlockpt
-functions may also fail and set
-.Va errno
-for any of the errors specified for the
-.Xr fstat 2
-system call.
-.Pp
-The
-.Fn posix_openpt
-function may also fail and set
-.Va errno
-for any of the errors specified for the
-.Xr open 2
-system call.
 .Sh SEE ALSO
-.Xr open 2 ,
-.Xr pty 4 ,
+.Xr posix_openpt 2 ,
+.Xr pts 4 ,
 .Xr tty 4
 .Sh STANDARDS
 The
 .Fn grantpt ,
-.Fn ptsname ,
-.Fn unlockpt ,
+.Fn ptsname
 and
-.Fn posix_openpt
+.Fn unlockpt
 functions conform to
 .St -p1003.1-2001 .
 .Sh HISTORY
 The
 .Fn grantpt ,
-.Fn ptsname ,
-.Fn unlockpt ,
+.Fn ptsname
 and
-.Fn posix_openpt
+.Fn unlockpt
 functions appeared in
 .Fx 5.0 .
 .Sh NOTES
 The purpose of the
+.Fn grantpt
+and
 .Fn unlockpt
-function has no meaning in
-.Fx .
-.Pp
-The flag
-.Dv O_NOCTTY
-is included for compatibility; in
+functions has no meaning in
 .Fx ,
-opening a terminal does not cause it to become
-a process's controlling terminal.
+because pseudo-terminals obtained by
+.Xr posix_openpt 2
+are created on demand.
+Because these devices are created with proper permissions in place, they
+are guaranteed to be unused by unprivileged processes.
diff --git a/lib/libc/stdlib/ptsname.c b/lib/libc/stdlib/ptsname.c
new file mode 100644
index 0000000..fa606f6
--- /dev/null
+++ b/lib/libc/stdlib/ptsname.c
@@ -0,0 +1,95 @@
+/*-
+ * Copyright (c) 2008 Ed Schouten <ed@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Portions of this software were developed under sponsorship from Snow
+ * B.V., the Netherlands.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+#ifndef lint
+__FBSDID("$FreeBSD$");
+#endif /* not lint */
+
+#include "namespace.h"
+#include <sys/param.h>
+#include <sys/ioctl.h>
+
+#include <errno.h>
+#include <paths.h>
+#include "un-namespace.h"
+
+/*
+ * __isptmaster():  return whether the file descriptor refers to a
+ *                  pseudo-terminal master device.
+ */
+static int
+__isptmaster(int fildes)
+{
+
+	if (_ioctl(fildes, TIOCPTMASTER) == 0)
+		return (0);
+
+	if (errno != EBADF)
+		errno = EINVAL;
+
+	return (-1);
+}
+
+/*
+ * In our implementation, grantpt() and unlockpt() don't actually have
+ * any use, because PTY's are created on the fly and already have proper
+ * permissions upon creation.
+ *
+ * Just make sure `fildes' actually points to a real PTY master device.
+ */
+__strong_reference(__isptmaster, grantpt);
+__strong_reference(__isptmaster, unlockpt);
+
+/*
+ * ptsname():  return the pathname of the slave pseudo-terminal device
+ *             associated with the specified master.
+ */
+char *
+ptsname(int fildes)
+{
+	static char pt_slave[sizeof _PATH_DEV + SPECNAMELEN] = _PATH_DEV;
+	struct fiodgname_arg fgn;
+	char *ret = NULL;
+	int sverrno = errno;
+
+	/* Make sure fildes points to a master device. */
+	if (__isptmaster(fildes) != 0)
+		goto done;
+	
+	/* Obtain the device name through FIODGNAME. */
+	fgn.len = sizeof pt_slave - (sizeof _PATH_DEV - 1);
+	fgn.buf = pt_slave + (sizeof _PATH_DEV - 1);
+	if (_ioctl(fildes, FIODGNAME, &fgn) == 0)
+		ret = pt_slave;
+
+done:	/* Make sure ptsname() does not overwrite errno. */
+	errno = sverrno;
+	return (ret);
+}
diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc
index 195fb1f..f84ce13 100644
--- a/lib/libc/sys/Makefile.inc
+++ b/lib/libc/sys/Makefile.inc
@@ -79,8 +79,8 @@ MAN+=	abort2.2 accept.2 access.2 acct.2 adjtime.2 \
 	mlockall.2 mmap.2 modfind.2 modnext.2 modstat.2 mount.2 mprotect.2 \
 	mq_close.2 mq_getattr.2 mq_notify.2 mq_open.2 mq_receive.2 mq_send.2 \
 	mq_setattr.2 \
-	msync.2 munmap.2 nanosleep.2 nfssvc.2 ntp_adjtime.2 \
-	open.2 pathconf.2 pipe.2 poll.2 profil.2 ptrace.2 quotactl.2 \
+	msync.2 munmap.2 nanosleep.2 nfssvc.2 ntp_adjtime.2 open.2 \
+	pathconf.2 pipe.2 poll.2 posix_openpt.2 profil.2 ptrace.2 quotactl.2 \
 	read.2 readlink.2 reboot.2 recv.2 rename.2 revoke.2 rfork.2 rmdir.2 \
 	rtprio.2
 .if !defined(NO_P1003_1B)
diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map
index d38f287..5217ab0 100644
--- a/lib/libc/sys/Symbol.map
+++ b/lib/libc/sys/Symbol.map
@@ -211,6 +211,7 @@ FBSD_1.0 {
 	pathconf;
 	pipe;
 	poll;
+	posix_openpt;
 	preadv;
 	profil;
 	ptrace;
diff --git a/lib/libc/sys/getrlimit.2 b/lib/libc/sys/getrlimit.2
index 93d91f6..d3550d2 100644
--- a/lib/libc/sys/getrlimit.2
+++ b/lib/libc/sys/getrlimit.2
@@ -28,7 +28,7 @@
 .\"     @(#)getrlimit.2	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd June 13, 2004
+.Dd August 20, 2008
 .Dt GETRLIMIT 2
 .Os
 .Sh NAME
@@ -97,6 +97,8 @@ mbufs, that this user may hold at any time.
 The maximum size (in bytes) of the stack segment for a process;
 this defines how far a program's stack segment may be extended.
 Stack extension is performed automatically by the system.
+.It Dv RLIMIT_NPTS
+The maximum number of pseudo-terminals created by this user id.
 .El
 .Pp
 A resource limit is specified as a soft limit and a hard limit.
diff --git a/lib/libc/sys/posix_openpt.2 b/lib/libc/sys/posix_openpt.2
new file mode 100644
index 0000000..2633847
--- /dev/null
+++ b/lib/libc/sys/posix_openpt.2
@@ -0,0 +1,135 @@
+.\" Copyright (c) 2008 Ed Schouten <ed@FreeBSD.org>
+.\" All rights reserved.
+.\"
+.\" Portions of this software were developed under sponsorship from Snow
+.\" B.V., the Netherlands.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" Portions of this text are reprinted and reproduced in electronic form
+.\" from IEEE Std 1003.1, 2004 Edition, Standard for Information Technology --
+.\" Portable Operating System Interface (POSIX), The Open Group Base
+.\" Specifications Issue 6, Copyright (C) 2001-2004 by the Institute of
+.\" Electrical and Electronics Engineers, Inc and The Open Group.  In the
+.\" event of any discrepancy between this version and the original IEEE and
+.\" The Open Group Standard, the original IEEE and The Open Group Standard is
+.\" the referee document.  The original Standard can be obtained online at
+.\"	http://www.opengroup.org/unix/online.html.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd August 20, 2008
+.Dt POSIX_OPENPT 2
+.Os
+.Sh NAME
+.Nm posix_openpt
+.Nd "open a pseudo-terminal device"
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In stdlib.h
+.In fcntl.h
+.Ft int
+.Fn posix_openpt "int oflag"
+.Sh DESCRIPTION
+The
+.Fn posix_openpt
+function allocates a new pseudo-terminal and establishes a connection
+with its master device.
+A slave device shall be created in
+.Pa /dev/pts .
+After the pseudo-terminal has been allocated, the slave device should
+have the proper permissions before it can be used (see
+.Xr grantpt 3 ) .
+The name of the slave device can be determined by calling
+.Xr ptsname 3 .
+.Pp
+The file status flags and file access modes of the open file description
+shall be set according to the value of
+.Fa oflag .
+Values for
+.Fa oflag
+are constructed by a bitwise-inclusive OR of flags from the following
+list, defined in
+.In fcntl.h :
+.Bl -tag -width ".Dv O_NOCTTY"
+.It Dv O_RDWR
+Open for reading and writing.
+.It Dv O_NOCTTY
+If set
+.Fn posix_openpt
+shall not cause the terminal device to become the controlling terminal
+for the process.
+.El
+.Pp
+The
+.Fn posix_openpt
+function shall fail when
+.Fa oflag
+contains other values.
+.Sh RETURN VALUES
+Upon successful completion, the
+.Fn posix_openpt
+function shall allocate a new pseudo-terminal device and return a
+non-negative integer representing a file descriptor, which is connected
+to its master device.
+Otherwise, -1 shall be returned and errno set to indicate the error.
+.Sh ERRORS
+The
+.Fn posix_openpt
+function shall fail if:
+.Bl -tag -width Er
+.It Bq Er ENFILE
+The system file table is full.
+.It Bq Er EINVAL
+The value of
+.Fa oflag
+is not valid.
+.It Bq Er EAGAIN
+Out of pseudo-terminal resources.
+.El
+.Sh SEE ALSO
+.Xr pts 4 ,
+.Xr ptsname 3 ,
+.Xr tty 4
+.Sh STANDARDS
+The
+.Fn posix_openpt
+function conforms to
+.St -p1003.1-2001 .
+.Sh HISTORY
+The
+.Fn posix_openpt
+function appeared in
+.Fx 5.0 .
+In
+.Fx 8.0 ,
+this function was changed to a system call.
+.Sh NOTES
+The flag
+.Dv O_NOCTTY
+is included for compatibility; in
+.Fx ,
+opening a terminal does not cause it to become a process's controlling
+terminal.
+.Sh AUTHORS
+.An Ed Schouten Aq ed@FreeBSD.org
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
index 863aa06..2d1b906 100644
--- a/lib/libutil/login.conf.5
+++ b/lib/libutil/login.conf.5
@@ -19,7 +19,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 9, 2006
+.Dd August 20, 2008
 .Dt LOGIN.CONF 5
 .Os
 .Sh NAME
@@ -176,7 +176,7 @@ The usual convention to interpolate capability entries using the special
 .Em tc=value
 notation may be used.
 .Sh RESOURCE LIMITS
-.Bl -column coredumpsize indent indent
+.Bl -column pseudoterminals indent indent
 .It Sy "Name	Type	Notes	Description
 .It "coredumpsize	size		Maximum coredump size limit.
 .It "cputime	time		CPU usage limit.
@@ -189,6 +189,7 @@ notation may be used.
 .It "sbsize	size		Maximum permitted socketbuffer size.
 .It "vmemoryuse	size		Maximum permitted total VM usage per process.
 .It "stacksize	size		Maximum stack size limit.
+.It "pseudoterminals	number		Maximum number of pseudo-terminals.
 .El
 .Pp
 These resource limit entries actually specify both the maximum
diff --git a/lib/libutil/login_class.c b/lib/libutil/login_class.c
index c18d46a..6e81fcf 100644
--- a/lib/libutil/login_class.c
+++ b/lib/libutil/login_class.c
@@ -50,18 +50,19 @@ static struct login_res {
     rlim_t (*who)(login_cap_t *, const char *, rlim_t, rlim_t);
     int why;
 } resources[] = {
-    { "cputime",      login_getcaptime, RLIMIT_CPU      },
-    { "filesize",     login_getcapsize, RLIMIT_FSIZE    },
-    { "datasize",     login_getcapsize, RLIMIT_DATA     },
-    { "stacksize",    login_getcapsize, RLIMIT_STACK    },
-    { "memoryuse",    login_getcapsize, RLIMIT_RSS      },
-    { "memorylocked", login_getcapsize, RLIMIT_MEMLOCK  },
-    { "maxproc",      login_getcapnum,  RLIMIT_NPROC    },
-    { "openfiles",    login_getcapnum,  RLIMIT_NOFILE   },
-    { "coredumpsize", login_getcapsize, RLIMIT_CORE     },
-    { "sbsize",       login_getcapsize,	RLIMIT_SBSIZE	},
-    { "vmemoryuse",   login_getcapsize,	RLIMIT_VMEM	},
-    { NULL,	      0,		0 	        }
+    { "cputime",         login_getcaptime, RLIMIT_CPU     },
+    { "filesize",        login_getcapsize, RLIMIT_FSIZE   },
+    { "datasize",        login_getcapsize, RLIMIT_DATA    },
+    { "stacksize",       login_getcapsize, RLIMIT_STACK   },
+    { "memoryuse",       login_getcapsize, RLIMIT_RSS     },
+    { "memorylocked",    login_getcapsize, RLIMIT_MEMLOCK },
+    { "maxproc",         login_getcapnum,  RLIMIT_NPROC   },
+    { "openfiles",       login_getcapnum,  RLIMIT_NOFILE  },
+    { "coredumpsize",    login_getcapsize, RLIMIT_CORE    },
+    { "sbsize",          login_getcapsize, RLIMIT_SBSIZE  },
+    { "vmemoryuse",      login_getcapsize, RLIMIT_VMEM    },
+    { "pseudoterminals", login_getcapnum,  RLIMIT_NPTS    },
+    { NULL,              0,                0              }
 };