From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: [RFC] Support for pam_limits.so: =?utf-8?B?4oCcc3XigJ0=?= is
	ignored.
Date: Sat, 02 Apr 2016 16:44:53 +0200
Message-ID: <87vb40f4t6.fsf@gnu.org>
References: <87bn5tyfrn.fsf@elephly.net> <87io01h9uc.fsf@gnu.org>
	<874mbkxymn.fsf@elephly.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35052)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1amMnM-0002yh-CP
	for guix-devel@gnu.org; Sat, 02 Apr 2016 10:45:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1amMnJ-0006gB-3N
	for guix-devel@gnu.org; Sat, 02 Apr 2016 10:45:00 -0400
In-Reply-To: <874mbkxymn.fsf@elephly.net> (Ricardo Wurmus's message of "Sat,
	02 Apr 2016 09:23:28 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel <guix-devel@gnu.org>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ricardo Wurmus <rekado@elephly.net> skribis:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:

[...]

>> --8<---------------cut here---------------start------------->8---
>> $ ./pre-inst-env guix system build ~/src/configuration/pluto-configurati=
on.scm
>> substitute: updating list of substitutes from 'https://mirror.hydra.gnu.=
org'... 100.0%
>> substitute: updating list of substitutes from 'https://hydra.gnu.org'...=
 100.0%
>> La jenaj derivoj estos konstruataj:
>>    /gnu/store/0fxwylcmdxy7bqmjpxwqf24v2x4yr53w-system.drv
>>    /gnu/store/q254gqx3rgwxn98nsaz16z8rl58nhfkw-shepherd.conf.drv
>>    /gnu/store/517cxw8xiniwsh9bfdp389qxlm9w5jj8-activate-service.drv
>>    /gnu/store/ky8p3bq0xpj3lf989fz1ba3j2xycyiz6-activate.drv
>>    /gnu/store/ljjl4zs722flxbpip8jdssqd549g7pay-boot.drv
>>    /gnu/store/vz8745sdk0ph0rykxldwzmfa3a5r7cm1-etc.drv
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system
>> ludo@pluto ~/src/guix$ grep pam_limit /gnu/store/s84hvl064k494174z692wl1=
vaqzrygln-system/etc/pam.d/*
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/login:sessi=
on required pam_limits.so conf=3D/etc/security/limits.conf
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/slim:sessio=
n required pam_limits.so conf=3D/etc/security/limits.conf
>> /gnu/store/s84hvl064k494174z692wl1vaqzrygln-system/etc/pam.d/su:session =
required pam_limits.so conf=3D/etc/security/limits.conf
>> --8<---------------cut here---------------end--------------->8---
>>
>> =E2=80=A6 where the configuration in question has (pam-limits-service) i=
n its
>> =E2=80=98services=E2=80=99 field.

=E2=80=A6 in addition to =E2=80=98%base-services=E2=80=99 and a bunch of th=
ings.

> How odd.  It does not work for me:
>
> rekado in guix: ./pre-inst-env guix system build /etc/config.scm
> substitute: updating list of substitutes from 'https://hydra.gnu.org'... =
100.0%
> The following derivations will be built:
>    /gnu/store/8pldcwijn1szpyc4cbm4z808sbdn18r0-system.drv
>    /gnu/store/x2pigxf3mrf5crbmnjfxza8h3a70fvnv-activate-service.drv
>    /gnu/store/nwm5gsfavv35g3hjgzi5xymhxhqf2g4l-activate.drv
>    /gnu/store/38x73bdqj40wmy3lz8qnpfc20wb0dr6x-boot.drv
>    /gnu/store/mlkssjhw4avm8a37yi0nfk4z4zd9bkj6-security.drv
>    /gnu/store/1lxncnhdab3l732r144r5ww0y9rjq72f-etc.drv
> /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system
> rekado in guix: grep limits /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-s=
ystem/etc/pam.d/*
> /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system/etc/pam.d/login:sessio=
n required pam_limits.so conf=3D/etc/security/limits.conf
> /gnu/store/qwjbfjzqlbdcrsbnyyjylfkhm6kqna5d-system/etc/pam.d/slim:session=
 required pam_limits.so conf=3D/etc/security/limits.conf
>
> When my configuration looks like this:
>
>       (services (list (pam-limits-service)))
>
> Then there=E2=80=99s one file containing pam_limits, namely =E2=80=9C/etc=
/pam.d/su=E2=80=9D.

That=E2=80=99s expected: in this case, there=E2=80=99s no =E2=80=98login=E2=
=80=99 and no =E2=80=98slim=E2=80=99.

> When my configuration looks like this, however:
>
>       (services (cons* (pam-limits-service)
>                        %desktop-services))
>
> Then only =E2=80=9C/etc/pam.d/login=E2=80=9D and =E2=80=9C/etc/pam.d/slim=
=E2=80=9D contain pam_limits;
> =E2=80=9C/etc/pam.d/su=E2=80=9D does not.

Hmm, I can=E2=80=99t reproduce it.  For instance, with this:


--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline

diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index 7cb461f..f98b6cf 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -33,13 +33,13 @@
 
   ;; Add a bunch of window managers; we can choose one at
   ;; the log-in screen with F1.
-  (packages (cons* ratpoison i3-wm xmonad  ;window managers
+  (packages (cons* ratpoison
                    nss-certs               ;for HTTPS access
                    %base-packages))
 
   ;; Use the "desktop" services, which include the X11
   ;; log-in service, networking with Wicd, and more.
-  (services %desktop-services)
+  (services (cons (pam-limits-service) %desktop-services))
 
   ;; Allow resolution of '.local' host names with mDNS.
   (name-service-switch %mdns-host-lookup-nss))

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


I get:

--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix system build gnu/system/examples/lightweight-desktop.=
tmpl
substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org=
'... 100.0%
substitute: updating list of substitutes from 'https://hydra.gnu.org'... 10=
0.0%

[...]

/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system
$ grep pam_limit /gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam=
.d/*
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/login:session =
required pam_limits.so conf=3D/etc/security/limits.conf
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/slim:session r=
equired pam_limits.so conf=3D/etc/security/limits.conf
/gnu/store/rx31x0m8fk5aknwf754in9yxl7vcq8ls-system/etc/pam.d/su:session req=
uired pam_limits.so conf=3D/etc/security/limits.conf
--8<---------------cut here---------------end--------------->8---

Could you try it?

Thanks,
Ludo=E2=80=99.

--=-=-=--