Ricardo Wurmus <rek...@elephly.net> skribis: > Ludovic Courtès <l...@gnu.org> writes: > >> Ricardo Wurmus <rek...@elephly.net> skribis: >> >>> The attached patch tries to add an entry for pam_limits.so, but I have >>> no idea if this actually works or if this is the way it should be done. >>> As far as I can tell we only need the pam_limits.so entry for >>> “/etc/pam.d/login”, but I could not find where this file is generated. >> >> It is generated based on the ‘pam-services’ field of the service >> returned by ‘mingetty-service’. >> >> Maybe it would be best to adjust just that part? > > Oh, right. Attached are two patches: > > * The first exports the pam-service-* getters, making it possible to > extend a pam-service. > > * The second extends the “session” field of the mingetty-service to > add “pam_limits.so” to the required modules. > > Loading the module doesn’t yet do anything on GuixSD because we don’t > generate ‘/etc/security/limits.conf’ (or ‘/etc/security/limits.d/’), but > it should respect such file if it does exist. (I have not yet tested > this, but I will some time this week.) > > Does this look okay?
As long as lack of /etc/security/limits.conf doesn’t create any problems or annoying warnings, that’s fine! >> Is this PREFIX/etc/security/limits.d convention already used? If not, >> I’d rather avoid inventing it. ;-) >> >> What we could do is add a field in ‘operating-system’ to specify the >> limits.conf file to install as /etc/security/limits.conf? > > Yes, that’s a better idea. One way to do that within the new service framework would be to have a “limits” service that extends ‘etc-service-type’. Something like that. > From cdf974eb7595cfb8997111d09f6da2350c72afdd Mon Sep 17 00:00:00 2001 > From: Ricardo Wurmus <rek...@elephly.net> > Date: Mon, 12 Oct 2015 07:08:32 +0200 > Subject: [PATCH 1/2] system: Export pam-service accessors. > > * gnu/system/linux.scm (pam-service-name, pam-service-account, > pam-service-auth, pam-service-password, pam-service-session): Export. Sure! > From 0a1b5cad3d302d937a29dec95e805488a26b34e8 Mon Sep 17 00:00:00 2001 > From: Ricardo Wurmus <rek...@elephly.net> > Date: Mon, 12 Oct 2015 07:11:51 +0200 > Subject: [PATCH 2/2] services: Add entry for pam_limits to > mingetty-pam-service. > > * gnu/services/base.scm (mingetty-pam-service): Add pam-entry for > PAM module "pam_limits.so" to session field. [...] > + (session (cons (pam-entry > + (control "required") > + (module "pam_limits.so")) Please add a one-line comment saying what this is about. OK as long as it doesn’t break anything in the absence of limits.conf and doesn’t trigger warnings. Thanks! Ludo’.
