Ludovic Courtès writes: > Ricardo Wurmus skribis: > >> The attached patch tries to add an entry for pam_limits.so, but I have >> no idea if this actually works or if this is the way it should be done. >> As far as I can tell we only need the pam_limits.so entry for >> “/etc/pam.d/login”, but I could not find where this file is generated. > > It is generated based on the ‘pam-services’ field of the service > returned by ‘mingetty-service’. > > Maybe it would be best to adjust just that part? Oh, right. Attached are two patches: * The first exports the pam-service-* getters, making it possible to extend a pam-service. * The second extends the “session” field of the mingetty-service to add “pam_limits.so” to the required modules. Loading the module doesn’t yet do anything on GuixSD because we don’t generate ‘/etc/security/limits.conf’ (or ‘/etc/security/limits.d/’), but it should respect such file if it does exist. (I have not yet tested this, but I will some time this week.) Does this look okay? > Is this PREFIX/etc/security/limits.d convention already used? If not, > I’d rather avoid inventing it. ;-) > > What we could do is add a field in ‘operating-system’ to specify the > limits.conf file to install as /etc/security/limits.conf? Yes, that’s a better idea. > It would be even better to create Scheme data types that mirror the > settings of a limits.conf file (similar to what is done for PAM > settings), and have users fiddle with that rather than with a plain text > file. I’ll familiarise myself with how other (service) configuration files are created in GuixSD and propose a patch later. ~~ Ricardo