From cfe06b7c37035ab95e7b527fcde3a785f9e7de13 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus
Date: Fri, 1 Apr 2016 08:50:50 +0200
Subject: [PATCH] WIP support for pam_limits.so
---
 gnu/services/base.scm | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a006c00..2c256ad 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost
 ;;; Copyright © 2015 Mark H Weaver
 ;;; Copyright © 2015 Sou Bunnbu
+;;; Copyright © 2016 Ricardo Wurmus
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -93,6 +94,9 @@
 gpm-service-type
 gpm-service
+ pam-limits-service-type
+ pam-limits-service
+
 %base-services))
 ;;; Commentary:
@@ -818,6 +822,40 @@ settings.
 information on the configuration file syntax."
 (service syslog-service-type config-file))
+(define pam-limits-service-type
+ ;; Create /etc/security containing the provided "limits.conf" file.
+ (define (security-limits limits-file)
+ `(("security"
+ ,(computed-file
+ "security"
+ #~(begin (mkdir #$output)
+ (stat #$limits-file)
+ (symlink #$limits-file
+ (string-append #$output "/limits.conf")))))))
+ (define (pam-extension pam)
+ (let ((pam-limits (pam-entry
+ (control "required")
+ (module "pam_limits.so")
+ (arguments '("conf=/etc/security/limits.conf")))))
+ (if (member (pam-service-name pam)
+ '("login" "su" "slim"))
+ (pam-service
+ (inherit pam)
+ (session (cons pam-limits
+ (pam-service-session pam))))
+ pam)))
+ (service-type
+ (name 'limits)
+ (extensions
+ (list (service-extension etc-service-type security-limits)
+ (service-extension pam-root-service-type
+ (lambda _ (list pam-extension)))))))
+
+(define* (pam-limits-service #:optional (limits (plain-file "limits.conf" "")))
+ "Return a service that makes selected programs respect the limits specified
+in LIMITS via pam_limits.so."
+ (service pam-limits-service-type limits))
+
 ;;;
 ;;; Guix services.
--
2.7.3
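Review bot: In the last hunk, `pam-limits-service-type` is written as `(define pam-limits-service-type (define …) (define …) (service-type …))`, but a variable `define` takes one expression, so the inner `security-limits` and `pam-extension` definitions have no body to live in and Guile should reject the form; wrapping the body as `(let () … (service-type …))` or binding both procedures in a `let` keeps the same structure. `pam-extension` also adds the `pam_limits.so` session entry only for the names in `'("login" "su" "slim")`, so a session opened through any other PAM service (for example an SSH daemon, if one is configured) would start without these limits. Since the entry uses `(control "required")`, a limits file that pam_limits cannot read or parse would presumably fail session setup for those three services, which is worth stating next to the default empty `plain-file`. I would name the covered services in the `pam-limits-service` docstring instead of "selected programs", or take the list as a parameter.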