guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC] Support for pam_limits.so: “su” is ignored.

From: Ludovic Courtès
Subject: Re: [RFC] Support for pam_limits.so: “su” is ignored.
Date: Sun, 03 Apr 2016 23:42:54 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) 
Ricardo Wurmus <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:

[...]

>> I get:
>>
>> --8<---------------cut here---------------start------------->8---
>> $ ./pre-inst-env guix system build 
>> gnu/system/examples/lightweight-desktop.tmpl
>> substitute: updating list of substitutes from 
>> 'https://mirror.hydra.gnu.org'... 100.0%
>> substitute: updating list of substitutes from 'https://hydra.gnu.org'... 
>> 100.0%
>>
>> [...]
>>
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
>> $ grep pam_limit 
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/*
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:session 
>> required pam_limits.so conf=/etc/security/limits.conf
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session 
>> required pam_limits.so conf=/etc/security/limits.conf
>> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/su:session 
>> required pam_limits.so conf=/etc/security/limits.conf
>> --8<---------------cut here---------------end--------------->8---
>>
>> Could you try it?
>
> I did and I don’t get the same as you do:
>
> $ ./pre-inst-env guix system build 
> gnu/system/examples/lightweight-desktop.tmpl
> substitute: updating list of substitutes from 'https://hydra.gnu.org'... 
> 100.0%
> The following derivations will be built:
>    /gnu/store/l8r7k5ysw5vkdi67rcz9wx5gl9sxp892-system.drv
>    /gnu/store/5q0rh32ns03y4ndsj1fmsim9zm04x182-activate-service.drv
>    /gnu/store/rvgr25dfw70kf3dyr3mp8w9dmpqsqlll-activate.drv
>    /gnu/store/56d9psa8xcv3i6wqfc01zb39i9sbd7v5-boot.drv
>    /gnu/store/siny40wkak05sqlnmwwsmpxwh93rva1f-gtk-icon-themes.drv
>    /gnu/store/fx5bkg9cz15w90yqximsd678g31blyzk-info-dir.drv
>    /gnu/store/68ri6jqwbg1k15iiyvj3j9a065c22rd1-ca-certificate-bundle.drv
>    /gnu/store/ja6pgayi1qcyf8ffq27s4jimzcq2nm54-profile.drv
>    /gnu/store/50s165xprg605n58i81z49sv1f797vpz-etc.drv
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
> $ grep pam_limit 
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/*
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:session 
> required pam_limits.so conf=/etc/security/limits.conf
> /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session 
> required pam_limits.so conf=/etc/security/limits.conf

Crazy stuff.

The ‘/etc-entry’ procedure in (gnu system pam) clearly calls the
transformation procedure for all the PAM services.  I don’t see what
could go wrong.

Could you add a bunch of ’pk’ in this procedure and in your
‘pam-extension’ procedure as well and report on that?

> I’m using Guix at commit a754eaf with additional commits to add packages
> to gnu/packages and the patch I sent earlier to extend the pam files
> with pam_limits.  The only uncommited change is the modification of
> “gnu/system/examples/lightweight-desktop.tmpl”.
>
> Very odd.  It’s possible that this is a problem with my setup here.  If
> that’s so, would you be okay with the commit (if it had a proper commit
> message)?

Yes (and doc :-)).

I haven’t checked the feasibility etc., but eventually, maybe it would
be best to have Scheme bindings for limits.conf.  That way, we could
write services that extend ‘limits-service-type’ with new limits or
something.

WDYT?

Thanks,
Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]