From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jesse Gibbons Subject: bug#37380: gdm doesn't load pam-limits Date: Wed, 25 Sep 2019 09:47:53 -0600 Message-ID: References: <87sgp2pqbw.fsf@elephly.net> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:36779) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iD9XM-0005kL-5b for bug-guix@gnu.org; Wed, 25 Sep 2019 11:49:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iD9XK-0000iz-Di for bug-guix@gnu.org; Wed, 25 Sep 2019 11:49:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:33537) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iD9XK-0000ir-AX for bug-guix@gnu.org; Wed, 25 Sep 2019 11:49:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iD9XK-0003LA-6l for bug-guix@gnu.org; Wed, 25 Sep 2019 11:49:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 37380@debbugs.gnu.org On Sat, 2019-09-14 at 17:13 -0600, Jesse Gibbons wrote: > On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote: > > Hi Jesse, > > > > > I have been trying to set up ardour, but jackd doesn't start in > > > real- > > > time mode. I made an os definition that replicates this issue when > > > I > > > use a VM[0]. > > > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.h > > > tml > > > I asked the gnome and gdm IRC and found out gdm loads the gdm- > > > password > > > pam config, which seems untouched by pam-limits-service. My > > > /etc/pam.d/gdm-password (which should be the default) is attached. > > > > I can reproduce this. > > > > (I’m sorry for accidentally misleading you earlier. Turns out I used > > JACK a little longer ago than I initially realized.) > > > > I think it should be pretty easy to fix this: > > > > 1) we should generate a single file that is used for generic session > > settings. > > > > 2) all login programs (including gdm) should include that file in > > their > > PAM settings. > > > > 3) the pam-limits-service should extend that single file instead of > > attempting to update a bunch of PAM files for a selected list of > > programs. > > > > -- > > Ricardo > > > > Is all this best practice? > > This solution would have patches for three files: > - gnu/system/pam.scm (adding the generic session settings file and > patching the "su" and "login" configurations) > - gnu/services/base.scm (patching pam-limits-service) > - gnu/services/desktop.scm (patching the graphical login > configurations). > > All new login services would require a patch to just one file with > these steps implemented(to add the service), whereas they would each > need a patch to two files if they are not implemented (one to add the > service, another to have pam-limits-service modify the service's pam > config. > > If you think this solution is better design than what we currently > have, and others in this mailing list agree, I will work to provide > these patches. > > I previously said adding gdm-password to the list of pam configs > amended by pam-limits-service did not work. I then discovered the > changes in the environment will not work unless I run "make". I don't > know if this is a bug in guix or guile, or if it is intentionally this > way; the manual should be updated to clarify that guix needs to be > built in the environment for the changes to work. > > I sent a patch (bug#37405) that fixes this issue for gdm-password. A > simple change can probably fix it for gdm-autologin (not added because > I haven't tested it) and whatever gdm loads when the user logs in with > biometric fingerprints (I don't know the name). When we add ldm and > kdm, I think we can do something similar. > ping