[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC] Support for pam_limits.so: “su” is ignored.
From: |
Ludovic Courtès |
Subject: |
Re: [RFC] Support for pam_limits.so: “su” is ignored. |
Date: |
Sun, 03 Apr 2016 23:42:54 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Ricardo Wurmus <address@hidden> skribis:
> Ludovic Courtès <address@hidden> writes:
[...]
>> I get:
>>
>> --8<---------------cut here---------------start------------->8---
>> $ ./pre-inst-env guix system build
>> gnu/system/examples/lightweight-desktop.tmpl
>> substitute: updating list of substitutes from
>> 'https://mirror.hydra.gnu.org'... 100.0%
>> substitute: updating list of substitutes from 'https://hydra.gnu.org'...
>> 100.0%
>>
>> [...]
>>
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
>> $ grep pam_limit
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/*
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:session
>> required pam_limits.so conf=/etc/security/limits.conf
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session
>> required pam_limits.so conf=/etc/security/limits.conf
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/su:session
>> required pam_limits.so conf=/etc/security/limits.conf
>> --8<---------------cut here---------------end--------------->8---
>>
>> Could you try it?
>
> I did and I don’t get the same as you do:
>
> $ ./pre-inst-env guix system build
> gnu/system/examples/lightweight-desktop.tmpl
> substitute: updating list of substitutes from 'https://hydra.gnu.org'...
> 100.0%
> The following derivations will be built:
> /gnu/store/l8r7k5ysw5vkdi67rcz9wx5gl9sxp892-system.drv
> /gnu/store/5q0rh32ns03y4ndsj1fmsim9zm04x182-activate-service.drv
> /gnu/store/rvgr25dfw70kf3dyr3mp8w9dmpqsqlll-activate.drv
> /gnu/store/56d9psa8xcv3i6wqfc01zb39i9sbd7v5-boot.drv
> /gnu/store/siny40wkak05sqlnmwwsmpxwh93rva1f-gtk-icon-themes.drv
> /gnu/store/fx5bkg9cz15w90yqximsd678g31blyzk-info-dir.drv
> /gnu/store/68ri6jqwbg1k15iiyvj3j9a065c22rd1-ca-certificate-bundle.drv
> /gnu/store/ja6pgayi1qcyf8ffq27s4jimzcq2nm54-profile.drv
> /gnu/store/50s165xprg605n58i81z49sv1f797vpz-etc.drv
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
> $ grep pam_limit
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/*
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:session
> required pam_limits.so conf=/etc/security/limits.conf
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session
> required pam_limits.so conf=/etc/security/limits.conf
Crazy stuff.
The ‘/etc-entry’ procedure in (gnu system pam) clearly calls the
transformation procedure for all the PAM services. I don’t see what
could go wrong.
Could you add a bunch of ’pk’ in this procedure and in your
‘pam-extension’ procedure as well and report on that?
> I’m using Guix at commit a754eaf with additional commits to add packages
> to gnu/packages and the patch I sent earlier to extend the pam files
> with pam_limits. The only uncommited change is the modification of
> “gnu/system/examples/lightweight-desktop.tmpl”.
>
> Very odd. It’s possible that this is a problem with my setup here. If
> that’s so, would you be okay with the commit (if it had a proper commit
> message)?
Yes (and doc :-)).
I haven’t checked the feasibility etc., but eventually, maybe it would
be best to have Scheme bindings for limits.conf. That way, we could
write services that extend ‘limits-service-type’ with new limits or
something.
WDYT?
Thanks,
Ludo’.