From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jesse Gibbons Subject: bug#37380: gdm doesn't load pam-limits Date: Sat, 14 Sep 2019 17:13:44 -0600 Message-ID: References: <87sgp2pqbw.fsf@elephly.net> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:58456) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i9HEx-0005IB-71 for bug-guix@gnu.org; Sat, 14 Sep 2019 19:14:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i9HEw-0006lM-25 for bug-guix@gnu.org; Sat, 14 Sep 2019 19:14:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:38399) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1i9HEv-0006lI-Su for bug-guix@gnu.org; Sat, 14 Sep 2019 19:14:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1i9HEv-0007Is-Nf for bug-guix@gnu.org; Sat, 14 Sep 2019 19:14:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87sgp2pqbw.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 37380@debbugs.gnu.org On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote: > Hi Jesse, > > > I have been trying to set up ardour, but jackd doesn't start in > > real- > > time mode. I made an os definition that replicates this issue when > > I > > use a VM[0]. > > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.h > > tml > > I asked the gnome and gdm IRC and found out gdm loads the gdm- > > password > > pam config, which seems untouched by pam-limits-service. My > > /etc/pam.d/gdm-password (which should be the default) is attached. > > I can reproduce this. > > (I’m sorry for accidentally misleading you earlier. Turns out I used > JACK a little longer ago than I initially realized.) > > I think it should be pretty easy to fix this: > > 1) we should generate a single file that is used for generic session > settings. > > 2) all login programs (including gdm) should include that file in > their > PAM settings. > > 3) the pam-limits-service should extend that single file instead of > attempting to update a bunch of PAM files for a selected list of > programs. > > -- > Ricardo > Is all this best practice? This solution would have patches for three files: - gnu/system/pam.scm (adding the generic session settings file and patching the "su" and "login" configurations) - gnu/services/base.scm (patching pam-limits-service) - gnu/services/desktop.scm (patching the graphical login configurations). All new login services would require a patch to just one file with these steps implemented(to add the service), whereas they would each need a patch to two files if they are not implemented (one to add the service, another to have pam-limits-service modify the service's pam config. If you think this solution is better design than what we currently have, and others in this mailing list agree, I will work to provide these patches. I previously said adding gdm-password to the list of pam configs amended by pam-limits-service did not work. I then discovered the changes in the environment will not work unless I run "make". I don't know if this is a bug in guix or guile, or if it is intentionally this way; the manual should be updated to clarify that guix needs to be built in the environment for the changes to work. I sent a patch (bug#37405) that fixes this issue for gdm-password. A simple change can probably fix it for gdm-autologin (not added because I haven't tested it) and whatever gdm loads when the user logs in with biometric fingerprints (I don't know the name). When we add ldm and kdm, I think we can do something similar. -- -Jesse