unofficial mirror of bug-guix@gnu.org 
* bug#37380: gdm doesn't load pam-limits
@ 2019-09-11 15:12 Jesse Gibbons
  2019-09-11 18:08 ` Jesse Gibbons
  2019-09-11 19:48 ` Ricardo Wurmus
  0 siblings, 2 replies; 7+ messages in thread
From: Jesse Gibbons @ 2019-09-11 15:12 UTC (permalink / raw)
  To: 37380

I have been trying to set up ardour, but jackd doesn't start in real-
time mode. I made an os definition that replicates this issue when I
use a VM[0].
[0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
I asked the gnome and gdm IRC and found out gdm loads the gdm-password
pam config, which seems untouched by pam-limits-service. My
/etc/pam.d/gdm-password (which should be the default) is attached.

Thanks!
-- 
-Jesse

[-- Attachment #2: gdm-password --]
[-- Type: text/plain, Size: 304 bytes --]

account required pam_unix.so 
auth required pam_unix.so nullok
password required pam_unix.so sha512 shadow
session required /gnu/store/90b3ypy5w6si4vd4b17i2nyzy0pfr5j2-elogind-241.3/lib/security/pam_elogind.so 
session required pam_loginuid.so 
session required pam_env.so 
session required pam_unix.so 


* bug#37380: gdm doesn't load pam-limits
  2019-09-11 15:12 bug#37380: gdm doesn't load pam-limits Jesse Gibbons
@ 2019-09-11 18:08 ` Jesse Gibbons
  2019-09-11 19:48 ` Ricardo Wurmus
  1 sibling, 0 replies; 7+ messages in thread
From: Jesse Gibbons @ 2019-09-11 18:08 UTC (permalink / raw)
  To: 37380

On Wed, 2019-09-11 at 09:12 -0600, Jesse Gibbons wrote:
> I have been trying to set up ardour, but jackd doesn't start in real-
> time mode. I made an os definition that replicates this issue when I
> use a VM[0].
> [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
> I asked the gnome and gdm IRC and found out gdm loads the gdm-password
> pam config, which seems untouched by pam-limits-service. My
> /etc/pam.d/gdm-password (which should be the default) is attached.
> 
> Thanks!
I'm not sure how to resolve this issue. I tried appending "gdm-
password" to the list of pam configs modified by pam-limits-service[1]
but it doesn't fix anything when I use ./pre-inst-env to build the
vm. gdm-password still does not have a line to load pam_limits.

Whatever the solution, we will probably also want to implement it with
other graphical login services like slim and sddm (and eventually
lightdm and kdm).

[1] http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/base.scm#n1480
-- 
-Jesse


* bug#37380: gdm doesn't load pam-limits
  2019-09-11 15:12 bug#37380: gdm doesn't load pam-limits Jesse Gibbons
  2019-09-11 18:08 ` Jesse Gibbons
@ 2019-09-11 19:48 ` Ricardo Wurmus
  2019-09-12 18:23   ` Jesse Gibbons
  2019-09-14 23:13   ` Jesse Gibbons
  1 sibling, 2 replies; 7+ messages in thread
From: Ricardo Wurmus @ 2019-09-11 19:48 UTC (permalink / raw)
  To: Jesse Gibbons; +Cc: 37380


Hi Jesse,

> I have been trying to set up ardour, but jackd doesn't start in real-
> time mode. I made an os definition that replicates this issue when I
> use a VM[0].
> [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
> I asked the gnome and gdm IRC and found out gdm loads the gdm-password
> pam config, which seems untouched by pam-limits-service. My
> /etc/pam.d/gdm-password (which should be the default) is attached.

I can reproduce this.

(I’m sorry for accidentally misleading you earlier.  Turns out I used
JACK a little longer ago than I initially realized.)

I think it should be pretty easy to fix this:

1) we should generate a single file that is used for generic session
settings.

2) all login programs (including gdm) should include that file in their
PAM settings.

3) the pam-limits-service should extend that single file instead of
attempting to update a bunch of PAM files for a selected list of
programs.

--
Ricardo
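
Added example, not part of the original messages or of Guix: a small checker that resolves PAM `include`/`substack` rules and lists the login services whose session stack never loads pam_limits.so, run on the gdm-password file attached to the report and on the shared-file layout proposed above. The "login" contents are constructed and the shared file name "standard-session" is an assumption taken from the follow-up discussion.

```python
import os
import re

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")  # type, control, module

def parse_pam(text):
    """Yield (type, control, module) for every rule in a pam.d file."""
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            yield m.groups()

def session_modules(service, configs, seen=None):
    """Module basenames in a service's session stack, following includes."""
    seen = set() if seen is None else seen
    if service in seen or service not in configs:
        return []  # include loop or missing file contributes nothing
    seen.add(service)
    mods = []
    for typ, control, module in parse_pam(configs[service]):
        name = os.path.basename(module)
        if typ == "session" and control in ("include", "substack"):
            mods += session_modules(name, configs, seen)
        elif typ == "session":
            mods.append(name)
    return mods

def missing_module(module, configs, services):
    """Services whose session stack never loads `module`."""
    return [s for s in services if module not in session_modules(s, configs)]

# gdm-password as attached to the report; "login" is a constructed sample.
GDM_PASSWORD = """\
account required pam_unix.so
auth required pam_unix.so nullok
password required pam_unix.so sha512 shadow
session required /gnu/store/90b3ypy5w6si4vd4b17i2nyzy0pfr5j2-elogind-241.3/lib/security/pam_elogind.so
session required pam_loginuid.so
session required pam_env.so
session required pam_unix.so
"""
BEFORE = {"gdm-password": GDM_PASSWORD, "login": "session required pam_limits.so\n"}
# Proposed layout; the shared file name "standard-session" is an assumption.
AFTER = {"standard-session": "session required pam_limits.so\n",
         "gdm-password": GDM_PASSWORD + "session include standard-session\n",
         "login": "session include standard-session\n"}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, missing_module("pam_limits.so", cfg, ["login", "gdm-password"]))
```

Building `configs` from the files under /etc/pam.d runs the same check on a live system, so every login path can be confirmed to apply the limits policy.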


* bug#37380: gdm doesn't load pam-limits
  2019-09-11 19:48 ` Ricardo Wurmus
@ 2019-09-12 18:23   ` Jesse Gibbons
  2019-09-14 23:13   ` Jesse Gibbons
  1 sibling, 0 replies; 7+ messages in thread
From: Jesse Gibbons @ 2019-09-12 18:23 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 37380

Thanks Ricardo,
On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote:
> Hi Jesse,
> 
> > I have been trying to set up ardour, but jackd doesn't start in real-
> > time mode. I made an os definition that replicates this issue when I
> > use a VM[0].
> > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
> > I asked the gnome and gdm IRC and found out gdm loads the gdm-password
> > pam config, which seems untouched by pam-limits-service. My
> > /etc/pam.d/gdm-password (which should be the default) is attached.
> 
> I can reproduce this.
> 
> (I’m sorry for accidentally misleading you earlier.  Turns out I used
> JACK a little longer ago than I initially realized.)
So was there a time when JACK worked realtime after logging in from gdm
on a GuixSD install?
> 
> I think it should be pretty easy to fix this:
> 
> 1) we should generate a single file that is used for generic session
> settings.
What should be this file's default contents? Should it be empty unless
the pam-limits-service is specified?
> 
> 2) all login programs (including gdm) should include that file in their
> PAM settings.
I suppose this could be done by adding
(pam-entry
 (control "include")
 (module "standard-session"))

I'm not sure "module" is a good word to describe the file.
> 
> 3) the pam-limits-service should extend that single file instead of
> attempting to update a bunch of PAM files for a selected list of
> programs.
Should this file be a part of base-services?
> --
> Ricardo
> 
I have to go to work soon, but I hope I can have this accomplished with
a patch series ready by Saturday. I'll check in with a status update
Saturday evening UTC -6.
-- 
-Jesse


* bug#37380: gdm doesn't load pam-limits
  2019-09-11 19:48 ` Ricardo Wurmus
  2019-09-12 18:23   ` Jesse Gibbons
@ 2019-09-14 23:13   ` Jesse Gibbons
  2019-09-19  2:46     ` Jesse Gibbons
  2019-09-25 15:47     ` Jesse Gibbons
  1 sibling, 2 replies; 7+ messages in thread
From: Jesse Gibbons @ 2019-09-14 23:13 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 37380

On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote:
> Hi Jesse,
> 
> > I have been trying to set up ardour, but jackd doesn't start in real-
> > time mode. I made an os definition that replicates this issue when I
> > use a VM[0].
> > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
> > I asked the gnome and gdm IRC and found out gdm loads the gdm-password
> > pam config, which seems untouched by pam-limits-service. My
> > /etc/pam.d/gdm-password (which should be the default) is attached.
> 
> I can reproduce this.
> 
> (I’m sorry for accidentally misleading you earlier.  Turns out I used
> JACK a little longer ago than I initially realized.)
> 
> I think it should be pretty easy to fix this:
> 
> 1) we should generate a single file that is used for generic session
> settings.
> 
> 2) all login programs (including gdm) should include that file in their
> PAM settings.
> 
> 3) the pam-limits-service should extend that single file instead of
> attempting to update a bunch of PAM files for a selected list of
> programs.
> 
> --
> Ricardo
> 
Is all this best practice?

This solution would have patches for three files:
- gnu/system/pam.scm (adding the generic session settings file and
patching the "su" and "login" configurations)
- gnu/services/base.scm (patching pam-limits-service)
- gnu/services/desktop.scm (patching the graphical login
configurations).

All new login services would require a patch to just one file with
these steps implemented (to add the service), whereas they would each
need a patch to two files if they are not implemented (one to add the
service, another to have pam-limits-service modify the service's pam
config).

If you think this solution is better design than what we currently
have, and others in this mailing list agree, I will work to provide
these patches.

I previously said adding gdm-password to the list of pam configs
amended by pam-limits-service did not work. I then discovered the
changes in the environment will not work unless I run "make". I don't
know if this is a bug in guix or guile, or if it is intentionally this
way; the manual should be updated to clarify that guix needs to be
built in the environment for the changes to work.

I sent a patch (bug#37405) that fixes this issue for gdm-password. A
simple change can probably fix it for gdm-autologin (not added because
I haven't tested it) and whatever gdm loads when the user logs in with
biometric fingerprints (I don't know the name). When we add ldm and
kdm, I think we can do something similar.

-- 
-Jesse


* bug#37380: gdm doesn't load pam-limits
  2019-09-14 23:13   ` Jesse Gibbons
@ 2019-09-19  2:46     ` Jesse Gibbons
  2019-09-25 15:47     ` Jesse Gibbons
  1 sibling, 0 replies; 7+ messages in thread
From: Jesse Gibbons @ 2019-09-19  2:46 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 37380

On Sat, 2019-09-14 at 17:13 -0600, Jesse Gibbons wrote:
> On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote:
> > Hi Jesse,
> > 
> > > I have been trying to set up ardour, but jackd doesn't start in real-
> > > time mode. I made an os definition that replicates this issue when I
> > > use a VM[0].
> > > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
> > > I asked the gnome and gdm IRC and found out gdm loads the gdm-password
> > > pam config, which seems untouched by pam-limits-service. My
> > > /etc/pam.d/gdm-password (which should be the default) is attached.
> > 
> > I can reproduce this.
> > 
> > (I’m sorry for accidentally misleading you earlier.  Turns out I used
> > JACK a little longer ago than I initially realized.)
> > 
> > I think it should be pretty easy to fix this:
> > 
> > 1) we should generate a single file that is used for generic session
> > settings.
> > 
> > 2) all login programs (including gdm) should include that file in their
> > PAM settings.
> > 
> > 3) the pam-limits-service should extend that single file instead of
> > attempting to update a bunch of PAM files for a selected list of
> > programs.
> > 
> > --
> > Ricardo
> > 
> 
> Is all this best practice?
> 
> This solution would have patches for three files:
> - gnu/system/pam.scm (adding the generic session settings file and
> patching the "su" and "login" configurations)
> - gnu/services/base.scm (patching pam-limits-service)
> - gnu/services/desktop.scm (patching the graphical login
> configurations).
> 
> All new login services would require a patch to just one file with
> these steps implemented (to add the service), whereas they would each
> need a patch to two files if they are not implemented (one to add the
> service, another to have pam-limits-service modify the service's pam
> config).
> 
> If you think this solution is better design than what we currently
> have, and others in this mailing list agree, I will work to provide
> these patches.
> 
> I previously said adding gdm-password to the list of pam configs
> amended by pam-limits-service did not work. I then discovered the
> changes in the environment will not work unless I run "make". I don't
> know if this is a bug in guix or guile, or if it is intentionally this
> way; the manual should be updated to clarify that guix needs to be
> built in the environment for the changes to work.
> 
> I sent a patch (bug#37405) that fixes this issue for gdm-password. A
> simple change can probably fix it for gdm-autologin (not added because
> I haven't tested it) and whatever gdm loads when the user logs in with
> biometric fingerprints (I don't know the name). When we add ldm and
> kdm, I think we can do something similar.
> 
ping


* bug#37380: gdm doesn't load pam-limits
  2019-09-14 23:13   ` Jesse Gibbons
  2019-09-19  2:46     ` Jesse Gibbons
@ 2019-09-25 15:47     ` Jesse Gibbons
  1 sibling, 0 replies; 7+ messages in thread
From: Jesse Gibbons @ 2019-09-25 15:47 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 37380

On Sat, 2019-09-14 at 17:13 -0600, Jesse Gibbons wrote:
> On Wed, 2019-09-11 at 21:48 +0200, Ricardo Wurmus wrote:
> > Hi Jesse,
> > 
> > > I have been trying to set up ardour, but jackd doesn't start in real-
> > > time mode. I made an os definition that replicates this issue when I
> > > use a VM[0].
> > > [0] https://lists.gnu.org/archive/html/help-guix/2019-09/msg00065.html
> > > I asked the gnome and gdm IRC and found out gdm loads the gdm-password
> > > pam config, which seems untouched by pam-limits-service. My
> > > /etc/pam.d/gdm-password (which should be the default) is attached.
> > 
> > I can reproduce this.
> > 
> > (I’m sorry for accidentally misleading you earlier.  Turns out I used
> > JACK a little longer ago than I initially realized.)
> > 
> > I think it should be pretty easy to fix this:
> > 
> > 1) we should generate a single file that is used for generic session
> > settings.
> > 
> > 2) all login programs (including gdm) should include that file in their
> > PAM settings.
> > 
> > 3) the pam-limits-service should extend that single file instead of
> > attempting to update a bunch of PAM files for a selected list of
> > programs.
> > 
> > --
> > Ricardo
> > 
> 
> Is all this best practice?
> 
> This solution would have patches for three files:
> - gnu/system/pam.scm (adding the generic session settings file and
> patching the "su" and "login" configurations)
> - gnu/services/base.scm (patching pam-limits-service)
> - gnu/services/desktop.scm (patching the graphical login
> configurations).
> 
> All new login services would require a patch to just one file with
> these steps implemented (to add the service), whereas they would each
> need a patch to two files if they are not implemented (one to add the
> service, another to have pam-limits-service modify the service's pam
> config).
> 
> If you think this solution is better design than what we currently
> have, and others in this mailing list agree, I will work to provide
> these patches.
> 
> I previously said adding gdm-password to the list of pam configs
> amended by pam-limits-service did not work. I then discovered the
> changes in the environment will not work unless I run "make". I don't
> know if this is a bug in guix or guile, or if it is intentionally this
> way; the manual should be updated to clarify that guix needs to be
> built in the environment for the changes to work.
> 
> I sent a patch (bug#37405) that fixes this issue for gdm-password. A
> simple change can probably fix it for gdm-autologin (not added because
> I haven't tested it) and whatever gdm loads when the user logs in with
> biometric fingerprints (I don't know the name). When we add ldm and
> kdm, I think we can do something similar.
> 
ping
