getrlimit() is not an async-signal-safe function according to http://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html so you cannot call it from safe_get_max_fd().

having the getrlimit call done prior to the fork and using the value returned by that iff neither of the other two methods (fcntl and sysconf) are available or produced results seems like the best you can do.

also, rlim_t is an unsigned value yet the existing code in this module is using signed values for the file descriptors.  realistically i do not expect an rlim_t for max file descriptors to ever be > MAX_LONG as many file descriptor API calls require signed values for fds in order to use -1 as an error.

But checking the value for overflow and against the RLIM constants mentioned in http://pubs.opengroup.org/onlinepubs/009695399/basedefs/sys/resource.h.html before casting it via (long) seems pedantically wise.