guix-devel

Re: [RFC]: Respect /etc/security/limits.conf


From: Ludovic Courtès
Subject: Re: [RFC]: Respect /etc/security/limits.conf
Date: Mon, 12 Oct 2015 19:13:34 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Ricardo Wurmus <address@hidden> writes:

> Ludovic Courtès <address@hidden> writes:
>
>> Ricardo Wurmus <address@hidden> writes:
>>
>>> The attached patch tries to add an entry for pam_limits.so, but I have
>>> no idea if this actually works or if this is the way it should be done.
>>> As far as I can tell we only need the pam_limits.so entry for
>>> “/etc/pam.d/login”, but I could not find where this file is generated.
>>
>> It is generated based on the ‘pam-services’ field of the service
>> returned by ‘mingetty-service’.
>>
>> Maybe it would be best to adjust just that part?
>
> Oh, right.  Attached are two patches:
>
>   * The first exports the pam-service-* getters, making it possible to
>     extend a pam-service.
>
>   * The second extends the “session” field of the mingetty-service to
>     add “pam_limits.so” to the required modules.
>
> Loading the module doesn’t yet do anything on GuixSD because we don’t
> generate ‘/etc/security/limits.conf’ (or ‘/etc/security/limits.d/’), but
> it should respect such a file if it does exist.  (I have not yet tested
> this, but I will some time this week.)
>
> Does this look okay?

As long as lack of /etc/security/limits.conf doesn’t create any problems
or annoying warnings, that’s fine!

>> Is this PREFIX/etc/security/limits.d convention already used?  If not,
>> I’d rather avoid inventing it.  ;-)
>>
>> What we could do is add a field in ‘operating-system’ to specify the
>> limits.conf file to install as /etc/security/limits.conf?
>
> Yes, that’s a better idea.

One way to do that within the new service framework would be to have a
“limits” service that extends ‘etc-service-type’.  Something like that.

> From cdf974eb7595cfb8997111d09f6da2350c72afdd Mon Sep 17 00:00:00 2001
> From: Ricardo Wurmus <address@hidden>
> Date: Mon, 12 Oct 2015 07:08:32 +0200
> Subject: [PATCH 1/2] system: Export pam-service accessors.
>
> * gnu/system/linux.scm (pam-service-name, pam-service-account,
>   pam-service-auth, pam-service-password, pam-service-session): Export.

Sure!

> From 0a1b5cad3d302d937a29dec95e805488a26b34e8 Mon Sep 17 00:00:00 2001
> From: Ricardo Wurmus <address@hidden>
> Date: Mon, 12 Oct 2015 07:11:51 +0200
> Subject: [PATCH 2/2] services: Add entry for pam_limits to
>  mingetty-pam-service.
>
> * gnu/services/base.scm (mingetty-pam-service): Add pam-entry for
>   PAM module "pam_limits.so" to session field.

[...]

> +           (session (cons (pam-entry
> +                           (control "required")
> +                           (module "pam_limits.so"))
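
Review bot: the (control "required") on the new pam_limits.so entry makes the whole session stack depend on this module, so any non-success return from it would fail session setup for every mingetty login. The cover message says the missing-file case is untested and that GuixSD does not yet generate /etc/security/limits.conf, so please confirm that a console login still succeeds, with no syslog warnings, when neither that file nor /etc/security/limits.d/ exists. If it does not, "optional" would be the safer control value until the file is generated. A one-line comment above the entry should also say that it applies the per-user resource limits from limits.conf.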

Please add a one-line comment saying what this is about.

OK as long as it doesn’t break anything in the absence of limits.conf
and doesn’t trigger warnings.

Thanks!

Ludo’.


